danger / danger-js

⚠️ Stop saying "you forgot to …" in code review
http://danger.systems/js/
MIT License
5.26k stars 368 forks

Upgrade jsonwebtoken and @types/jsonwebtoken #1345

Closed connyay closed 1 year ago

connyay commented 1 year ago

jsonwebtoken <= 8.5.1 had a potential vuln in the verify method that wasn't called by this lib, but can still set off alerts of vuln scanning tools

https://git.corp.tanium.com/advisories/GHSA-27h2-hvpr-p74q
https://git.corp.tanium.com/advisories/GHSA-8cf7-32gw-wr33

jeanphilippeds commented 1 year ago

Thanks for the PR @connyay

What is the next step to have it merged?

Thanks, JP

connyay commented 1 year ago

> Thanks for the PR @connyay
>
> What is the next step to have it merged?
>
> Thanks, JP

🤷

A maintainer needs to approve/merge it.

alexgleason commented 1 year ago

Fixes #1346

@orta Please merge this. It fixes... 4 security vulnerabilities. I just wasted time creating an MR only to discover it had already been done.

EDIT: I just sponsored from @soapbox-pub

orta commented 1 year ago

Sure, will try to make a deploy this evening - no need to sponsor for this though