renovate[bot]
commented
1 year ago ⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: package-lock.json
This PR contains the following updates:
^8.5.1->^9.0.0Release Notes
auth0/node-jsonwebtoken (jsonwebtoken)
### [`v9.0.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#902---2023-08-30) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v9.0.1...v9.0.2) - security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes [#921](https://redirect.github.com/auth0/node-jsonwebtoken/issues/921). - refactor: reduce library size by using lodash specific dependencies, closes [#878](https://redirect.github.com/auth0/node-jsonwebtoken/issues/878). ### [`v9.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#901---2023-07-05) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v9.0.0...v9.0.1) - fix(stubs): allow decode method to be stubbed ### [`v9.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#900---2022-12-21) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0) **Breaking changes: See [Migration from v8 to v9](https://redirect.github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)** ##### Breaking changes - Removed support for Node versions 11 and below. - The verify() function no longer accepts unsigned tokens by default. (\[[`8345030`](https://redirect.github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16) - RSA key size must be 2048 bits or greater. (\[[`ecdf6cc`](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6) - Key types must be valid for the signing / verification algorithm ##### Security fixes - security: fixes `Arbitrary File Write via verify function` - CVE-2022-23529 - security: fixes `Insecure default algorithm in jwt.verify() could lead to signature validation bypass` - CVE-2022-23540 - security: fixes `Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC` - CVE-2022-23541 - security: fixes `Unrestricted key type could lead to legacy keys usage` - CVE-2022-23539Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.