search

graphile / examples

Examples of using PostGraphile with various servers and clients [WIP]
MIT License
69 stars 24 forks source link

[Snyk] Security upgrade koa-jwt from 3.3.2 to 4.0.4 #86

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 671/1000
Why? Recently disclosed, Has a fix available, CVSS 7.7		 Improper Input Validation
SNYK-JS-JSONWEBTOKEN-3180020		 Yes No Known Exploit
critical severity 776/1000
Why? Recently disclosed, Has a fix available, CVSS 9.8		 Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022		 Yes No Known Exploit
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Improper Restriction of Security Token Assignment
SNYK-JS-JSONWEBTOKEN-3180024		 Yes No Known Exploit
medium severity 626/1000
Why? Recently disclosed, Has a fix available, CVSS 6.8		 Use of a Broken or Risky Cryptographic Algorithm
SNYK-JS-JSONWEBTOKEN-3180026		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: koa-jwt The new version differs by 85 commits.
  • ac272c0 4.0.4
  • 0599444 Bump jsonwebtoken from 8.5.1 to 9.0.0
  • 634c5c0 Bump qs from 6.9.3 to 6.11.0 (#192)
  • aabdf9d Bump ansi-regex from 3.0.0 to 3.0.1 (#190)
  • 54abffc Bump minimist from 1.2.5 to 1.2.6 (#189)
  • 8ae721d Bump pathval from 1.1.0 to 1.1.1 (#187)
  • 81e326b chore: bump to 4.0.3
  • 3e83be9 4.0.2
  • c667787 Export more interfaces
  • 45bdca6 Bump path-parse from 1.0.6 to 1.0.7 (#184)
  • e944009 Bump glob-parent from 5.1.1 to 5.1.2
  • 3fb4bb7 Bump lodash from 4.17.19 to 4.17.21
  • e1d9f1e 4.0.1
  • aa6e10a Bump y18n from 4.0.0 to 4.0.1
  • d663492 Bump lodash from 4.17.15 to 4.17.19
  • 8ac436f Fix typing of `getToken`
  • f694cb6 support leading/trailing whitespace in Authorization header value
  • c073cf2 4.0.0
  • 735b89d Add missing options:
  • fa27b12 Detail explicitly middleware's options in README
  • d7f9678 Fix typing of `path` property (#172)
  • 7454df4 Merge pull request #157 from buuug7/master
  • c680e0c chore: bump deps, update yarn.lock
  • 98f2d7d Update the repo 🚀 ! (#167)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

benjie commented 1 year ago

Apparently the breaking change was bumping the minimum supported Node version to 8, so this should be safe to merge.