hugh-mend / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
http://owasp-juice.shop
MIT License
0 stars 0 forks source link

Update dependency express-jwt to v8 (master) - autoclosed #696

Closed mend-for-github-com[bot] closed 3 months ago

mend-for-github-com[bot] commented 4 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
express-jwt 0.1.3 -> 8.0.0 age adoption passing confidence

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Critical 9.8 CVE-2015-9235 #16
Critical 9.1 CVE-2020-15084 #40
High 8.1 CVE-2022-23539 #565
High 7.6 CVE-2022-23540 #567
High 7.5 CVE-2017-18214 #15
High 7.5 CVE-2022-24785 #185
Medium 6.5 CVE-2016-4055 #12
Medium 6.3 CVE-2022-23541 #569
Medium 5.3 WS-2016-0075 #22
Medium 4.6 CVE-2016-1000223 #6

Release Notes

auth0/express-jwt (express-jwt) ### [`v8.0.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#800---2022-12-22) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.8...v8.0.0) - Upgrade jsonwebtoken to v9. https://github.com/advisories/GHSA-27h2-hvpr-p74q . ### [`v7.7.8`](https://togithub.com/auth0/express-jwt/compare/v7.7.7...v7.7.8) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.7...v7.7.8) ### [`v7.7.7`](https://togithub.com/auth0/express-jwt/compare/v7.7.6...v7.7.7) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.6...v7.7.7) ### [`v7.7.6`](https://togithub.com/auth0/express-jwt/compare/v7.7.5...v7.7.6) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.5...v7.7.6) ### [`v7.7.5`](https://togithub.com/auth0/express-jwt/compare/v7.7.4...v7.7.5) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.4...v7.7.5) ### [`v7.7.4`](https://togithub.com/auth0/express-jwt/compare/v7.7.3...v7.7.4) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.3...v7.7.4) ### [`v7.7.3`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#773---2022-05-30) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.2...v7.7.3) - Fix tsc build error for express-unless ([e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198](https://togithub.com/auth0/express-jwt/commit/e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198)) - Remove esModuleInterop and fix assert import in tests ([9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201](https://togithub.com/auth0/express-jwt/commit/9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201)) ### [`v7.7.2`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#772---2022-05-19) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.1...v7.7.2) - fix instaceof comparison for UnauthorizedError. closes [#​292](https://togithub.com/auth0/express-jwt/issues/292) ([6c87fe401ecba868feda1ffa530082c7c539321a](https://togithub.com/auth0/express-jwt/commit/6c87fe401ecba868feda1ffa530082c7c539321a)), closes [#​292](https://togithub.com/auth0/express-jwt/issues/292) - update changelog ([b1344fa7f6f9dd3d27115a9107b3ef4323733895](https://togithub.com/auth0/express-jwt/commit/b1344fa7f6f9dd3d27115a9107b3ef4323733895)) ### [`v7.7.1`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#771---2022-05-13) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.7.0...v7.7.1) - fix readme and package-lock ([7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1](https://togithub.com/auth0/express-jwt/commit/7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1)) - build(deps): required runtime types ([f3f5af5c214241b4f92b91c49db8586ec20e4526](https://togithub.com/auth0/express-jwt/commit/f3f5af5c214241b4f92b91c49db8586ec20e4526)) - docs: fix tiny typo ([07e771857489b6344a8dc457069d040a76e84230](https://togithub.com/auth0/express-jwt/commit/07e771857489b6344a8dc457069d040a76e84230)) ### [`v7.7.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#770---2022-05-06) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.6.2...v7.7.0) - deprecate ExpressJwtRequest in favor of Request with optional auth, closes [#​284](https://togithub.com/auth0/express-jwt/issues/284) ([de169def56f98f4237741aa6755d0c5e248bd561](https://togithub.com/auth0/express-jwt/commit/de169def56f98f4237741aa6755d0c5e248bd561)), closes [#​284](https://togithub.com/auth0/express-jwt/issues/284) ### [`v7.6.2`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#762---2022-05-02) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.6.1...v7.6.2) - remove undefined from algorhitms fix [#​285](https://togithub.com/auth0/express-jwt/issues/285) ([587238bd0ad7a59f784daf9f626b9bf9abc7e029](https://togithub.com/auth0/express-jwt/commit/587238bd0ad7a59f784daf9f626b9bf9abc7e029)), closes [#​285](https://togithub.com/auth0/express-jwt/issues/285) ### [`v7.6.1`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#761---2022-05-02) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.6.0...v7.6.1) - add note about [@​types/jsonwebtoken](https://togithub.com/types/jsonwebtoken) in readme ([03c8419d6fc78c9029a7b474d3aede7f94e80121](https://togithub.com/auth0/express-jwt/commit/03c8419d6fc78c9029a7b474d3aede7f94e80121)) - make algorithms a required parameter in types. closes [#​285](https://togithub.com/auth0/express-jwt/issues/285) ([097a1df0d7ba511afce9578e4cf45bca2589b253](https://togithub.com/auth0/express-jwt/commit/097a1df0d7ba511afce9578e4cf45bca2589b253)), closes [#​285](https://togithub.com/auth0/express-jwt/issues/285) - update changelog ([9d0f02debb7a3db83edbc9f9b4b6d46993e6a4f4](https://togithub.com/auth0/express-jwt/commit/9d0f02debb7a3db83edbc9f9b4b6d46993e6a4f4)) ### [`v7.6.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#760---2022-05-02) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.5.2...v7.6.0) - add ExpressJwtRequestUnrequired to the readme ([3890f53f87b0a84dccaafd8de5a43d3c1dfeae89](https://togithub.com/auth0/express-jwt/commit/3890f53f87b0a84dccaafd8de5a43d3c1dfeae89)) - add SecretCallback\[Long] back for backward compatibility ([c24078e285908cad1c2ac0e63482a75ebf7d7328](https://togithub.com/auth0/express-jwt/commit/c24078e285908cad1c2ac0e63482a75ebf7d7328)) - update changelog ([d3a8e80dec3a6c261f840ad763487a16a47bbc4b](https://togithub.com/auth0/express-jwt/commit/d3a8e80dec3a6c261f840ad763487a16a47bbc4b)) ### [`v7.5.2`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#752---2022-04-27) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.5.1...v7.5.2) - export another type for credentialsRequired: false / ExpressJwtRequestUnrequired ([1bdb6f3d0cc5f61b7a7b097f700d20cb337d4bef](https://togithub.com/auth0/express-jwt/commit/1bdb6f3d0cc5f61b7a7b097f700d20cb337d4bef)) ### [`v7.5.1`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#751---2022-04-27) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.5.0...v7.5.1) - make req.auth optional in the ExpressJwtRequest type ([496fda4a0a20292ca70055b6ab8fdf50414ffa2b](https://togithub.com/auth0/express-jwt/commit/496fda4a0a20292ca70055b6ab8fdf50414ffa2b)) - update changelog ([727b57ddfec1f1c5ee4e16cb335ad1ae5a3c131f](https://togithub.com/auth0/express-jwt/commit/727b57ddfec1f1c5ee4e16cb335ad1ae5a3c131f)) ### [`v7.5.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#750---2022-04-25) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.4.3...v7.5.0) - export TokenGetter ([eb7479b834fb0e052ffad4279394ce353bb13770](https://togithub.com/auth0/express-jwt/commit/eb7479b834fb0e052ffad4279394ce353bb13770)) - improve readme and some types. Closes [#​283](https://togithub.com/auth0/express-jwt/issues/283) ([1a67f69c8781179d3ce7e5f3de8ece40d31c1772](https://togithub.com/auth0/express-jwt/commit/1a67f69c8781179d3ce7e5f3de8ece40d31c1772)), closes [#​283](https://togithub.com/auth0/express-jwt/issues/283) - restore requestProperty ([bf143d07497046b3e7921d3dd4bcbc18e2daeb67](https://togithub.com/auth0/express-jwt/commit/bf143d07497046b3e7921d3dd4bcbc18e2daeb67)) ### [`v7.4.3`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#743---2022-04-21) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.4.2...v7.4.3) - improve readme ([bd2515bec698604c645decd5be93e4f401263662](https://togithub.com/auth0/express-jwt/commit/bd2515bec698604c645decd5be93e4f401263662)) ### [`v7.4.2`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#742---2022-04-20) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.4.1...v7.4.2) - include '/dist' in package, closes [#​280](https://togithub.com/auth0/express-jwt/issues/280) ([cf2665d5581e76ed5742e7c2f34b8d05f91cfd18](https://togithub.com/auth0/express-jwt/commit/cf2665d5581e76ed5742e7c2f34b8d05f91cfd18)), closes [#​280](https://togithub.com/auth0/express-jwt/issues/280) ### [`v7.4.1`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#741---2022-04-20) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.4.0...v7.4.1) - fix readme definition for revoked and secret callbacks ([9015cf729cfbbf1b28a9646cccbf26d523dce1de](https://togithub.com/auth0/express-jwt/commit/9015cf729cfbbf1b28a9646cccbf26d523dce1de)) - update changelog ([05d7a78baaf76a2a881a95666b0ec7349729d957](https://togithub.com/auth0/express-jwt/commit/05d7a78baaf76a2a881a95666b0ec7349729d957)) ### [`v7.4.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#740---2022-04-20) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.3.0...v7.4.0) - handle authorization header in cors when is upper cased. fixes [#​180](https://togithub.com/auth0/express-jwt/issues/180), [#​173](https://togithub.com/auth0/express-jwt/issues/173) ([ab0ee806416e3a5a48ef8a1017a298e1a666b17a](https://togithub.com/auth0/express-jwt/commit/ab0ee806416e3a5a48ef8a1017a298e1a666b17a)), closes [#​180](https://togithub.com/auth0/express-jwt/issues/180) [#​173](https://togithub.com/auth0/express-jwt/issues/173) ### [`v7.3.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#730---2022-04-20) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.2.0...v7.3.0) - add support for capital Authorization header. closes [#​200](https://togithub.com/auth0/express-jwt/issues/200) ([6c0698b513e11ff1d4b152e070a627f5092be801](https://togithub.com/auth0/express-jwt/commit/6c0698b513e11ff1d4b152e070a627f5092be801)), closes [#​200](https://togithub.com/auth0/express-jwt/issues/200) ### [`v7.2.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#720---2022-04-20) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.1.0...v7.2.0) - Add example on how to enable jwt for specific path ([280511342522f11a90da93187a44af1a1b3cf5eb](https://togithub.com/auth0/express-jwt/commit/280511342522f11a90da93187a44af1a1b3cf5eb)) - Fix link to auth0.com ([b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15](https://togithub.com/auth0/express-jwt/commit/b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15)) - remove travis badge ([a854342c28f7186ec70e298124b4d650a26767b2](https://togithub.com/auth0/express-jwt/commit/a854342c28f7186ec70e298124b4d650a26767b2)) - Update docs to continue error handling on mismatch ([627b358d07b19d299964a5ef18a772db9b6426e2](https://togithub.com/auth0/express-jwt/commit/627b358d07b19d299964a5ef18a772db9b6426e2)) - Update README.md ([8d7af267189a49f42b88807d236647bd7398fde3](https://togithub.com/auth0/express-jwt/commit/8d7af267189a49f42b88807d236647bd7398fde3)) ### [`v7.1.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#710---2022-04-20) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v7.0.0...v7.1.0) - add support for async, closes [#​249](https://togithub.com/auth0/express-jwt/issues/249) ([72236ec1cfb0e7847351c83908be1d84141e30f1](https://togithub.com/auth0/express-jwt/commit/72236ec1cfb0e7847351c83908be1d84141e30f1)), closes [#​249](https://togithub.com/auth0/express-jwt/issues/249) - update changelog ([cb50ed43b2de9ae9be8643e7834640fa912ef367](https://togithub.com/auth0/express-jwt/commit/cb50ed43b2de9ae9be8643e7834640fa912ef367)) ### [`v7.0.0`](https://togithub.com/auth0/express-jwt/blob/HEAD/CHANGELOG.md#700---2022-04-20) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v6.1.2...v7.0.0) - Convert the project to typescript and improve typescript ([2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd](https://togithub.com/auth0/express-jwt/commit/2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd)) ### [`v6.1.2`](https://togithub.com/auth0/express-jwt/compare/v6.1.1...v6.1.2) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v6.1.1...v6.1.2) ### [`v6.1.1`](https://togithub.com/auth0/express-jwt/compare/v6.1.0...v6.1.1) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v6.1.0...v6.1.1) ### [`v6.1.0`](https://togithub.com/auth0/express-jwt/compare/v6.0.0...v6.1.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v6.0.0...v6.1.0) ### [`v6.0.0`](https://togithub.com/auth0/express-jwt/compare/v5.3.3...v6.0.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v5.3.3...v6.0.0) ### [`v5.3.3`](https://togithub.com/auth0/express-jwt/compare/v5.3.2...v5.3.3) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v5.3.2...v5.3.3) ### [`v5.3.2`](https://togithub.com/auth0/express-jwt/compare/v5.3.1...v5.3.2) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v5.3.1...v5.3.2) ### [`v5.3.1`](https://togithub.com/auth0/express-jwt/compare/v5.3.0...v5.3.1) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v5.3.0...v5.3.1) ### [`v5.3.0`](https://togithub.com/auth0/express-jwt/compare/v5.1.0...v5.3.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v5.1.0...v5.3.0) ### [`v5.1.0`](https://togithub.com/auth0/express-jwt/compare/v5.0.0...v5.1.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v5.0.0...v5.1.0) ### [`v5.0.0`](https://togithub.com/auth0/express-jwt/compare/v3.4.0...v5.0.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v3.4.0...v5.0.0) ### [`v3.4.0`](https://togithub.com/auth0/express-jwt/compare/v3.3.0...v3.4.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v3.3.0...v3.4.0) ### [`v3.3.0`](https://togithub.com/auth0/express-jwt/compare/v3.2.0...v3.3.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v3.2.0...v3.3.0) ### [`v3.2.0`](https://togithub.com/auth0/express-jwt/compare/v3.1.0...v3.2.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v3.1.0...v3.2.0) ### [`v3.1.0`](https://togithub.com/auth0/express-jwt/compare/v3.0.1...v3.1.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v3.0.1...v3.1.0) ### [`v3.0.1`](https://togithub.com/auth0/express-jwt/compare/v3.0.0...v3.0.1) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v3.0.0...v3.0.1) ### [`v3.0.0`](https://togithub.com/auth0/express-jwt/compare/v2.1.0...v3.0.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v2.1.0...v3.0.0) ### [`v2.1.0`](https://togithub.com/auth0/express-jwt/compare/v2.0.1...v2.1.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v2.0.1...v2.1.0) ### [`v2.0.1`](https://togithub.com/auth0/express-jwt/compare/v2.0.0...v2.0.1) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v2.0.0...v2.0.1) ### [`v2.0.0`](https://togithub.com/auth0/express-jwt/compare/v1.4.0...v2.0.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v1.4.0...v2.0.0) ### [`v1.4.0`](https://togithub.com/auth0/express-jwt/compare/v1.3.1...v1.4.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v1.3.1...v1.4.0) ### [`v1.3.1`](https://togithub.com/auth0/express-jwt/compare/v1.3.0...v1.3.1) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v1.3.0...v1.3.1) ### [`v1.3.0`](https://togithub.com/auth0/express-jwt/compare/v1.2.0...v1.3.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v1.2.0...v1.3.0) ### [`v1.2.0`](https://togithub.com/auth0/express-jwt/compare/v1.1.0...v1.2.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v1.1.0...v1.2.0) ### [`v1.1.0`](https://togithub.com/auth0/express-jwt/compare/v1.0.0...v1.1.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v1.0.0...v1.1.0) ### [`v1.0.0`](https://togithub.com/auth0/express-jwt/compare/v0.6.2...v1.0.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v0.6.2...v1.0.0) ### [`v0.6.2`](https://togithub.com/auth0/express-jwt/compare/v0.6.1...v0.6.2) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v0.6.1...v0.6.2) ### [`v0.5.0`](https://togithub.com/auth0/express-jwt/compare/v0.4.0...v0.5.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v0.4.0...v0.5.0) ### [`v0.4.0`](https://togithub.com/auth0/express-jwt/compare/v0.3.2...v0.4.0) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v0.3.2...v0.4.0) ### [`v0.3.2`](https://togithub.com/auth0/express-jwt/compare/v0.3.1...v0.3.2) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v0.3.1...v0.3.2) ### [`v0.3.1`](https://togithub.com/auth0/express-jwt/compare/v0.3.0...v0.3.1) [Compare Source](https://togithub.com/auth0/express-jwt/compare/v0.3.0...v0.3.1)