jinaga / starter-typescript-react

Jinaga starter using TypeScript and React

[Snyk] Upgrade jsonwebtoken from 9.0.0 to 9.0.1 #118

Closed michaellperry closed 1 year ago

michaellperry commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade jsonwebtoken from 9.0.0 to 9.0.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **1 version** ahead of your current version.
- The recommended version was released **17 days ago**, on 2023-07-05.
Release notes
Package name: jsonwebtoken
  • 9.0.1 - 2023-07-05

    Updating package version to 9.0.1 (#920)

  • 9.0.0 - 2022-12-21 (https://snyk.io/redirect/github/auth0/node-jsonwebtoken/releases/tag/v9.0.0)

  • Check if node version supports asymmetricKeyDetails

  • Validate algorithms for ec key type

  • Rename variable

  • Rename function

  • Add early return for symmetric keys

  • Validate algorithm for RSA key type

  • Validate algorithm for RSA-PSS key type

  • Check key types for EdDSA algorithm

  • Rename function

  • Move validateKey function to module

  • Convert arrow to function notation

  • Validate key in verify function

  • Simplify if

  • Convert if to switch..case

  • Guard against empty key in validation

  • Remove empty line

  • Add lib to check modulus length

  • Add modulus length checks

  • Validate mgf1HashAlgorithm and saltLength

  • Check node version before using key details API

  • Use built-in modulus length getter

  • Fix Node version validations

  • Remove duplicate validateKey

  • Add periods to error messages

  • Fix validation in verify function

  • Make asymmetric key validation the latest validation step

  • Change key curve validation

  • Remove support for ES256K

  • Fix old test that was using wrong key types to sign tokens

  • Enable RSA-PSS for old Node versions

  • Add specific RSA-PSS validations on Node 16 LTS+

  • Improve error message

  • Simplify key validation code

  • Fix typo

  • Improve error message

  • Change var to const in test

  • Change const to let to avoid reassigning problem

  • Improve error message

  • Test incorrect private key type

  • Rename invalid to unsupported

  • Test verifying of jwt token with unsupported key

  • Test invalid private key type

  • Change order of object parameters

  • Move validation test to separate file

  • Move all validation tests to separate file

  • Add prime256v1 ec key

  • Remove modulus length check

  • WIP: Add EC key validation tests

  • Fix node version checks

  • Fix error message check on test

  • Add successful tests for EC curve check

  • Remove only from describe

  • Remove only

  • Remove duplicate block of code

  • Move variable to a different scope and make it const

  • Convert allowed curves to object for faster lookup

  • Rename variable

  • Change variable assignment order

  • Remove unused object properties

  • Test RSA-PSS happy path and wrong length

  • Add missing tests

  • Pass validation if no algorithm has been provided

  • Test validation of invalid salt length

  • Test error when signing token with invalid key

  • Change var to const/let in verify tests

  • Test verifying token with invalid key

  • Improve test error messages

  • Add parameter to skip private key validation

  • Replace DSA key with a 4096 bit long key

  • Test allowInvalidPrivateKeys in key signing

  • Improve test message

  • Rename variable

  • Add key validation flag tests

  • Fix variable name in Readme

  • Change private to public dsa key in verify

  • Rename flag

  • Run EC validation tests conditionally

  • Fix tests in old node versions

  • Ignore block of code from test coverage

  • Separate EC validations tests into two different ones

  • Add comment

  • Wrap switch in if instead of having an early return

  • Remove unsupported algorithms from asymmetric key validation

  • Rename option to allowInvalidAsymmetricKeyTypes and improve Readme

  • 9.0.0

  • adding migration notes to readme

  • adding changelog for version 9.0.0

Co-authored-by: julienwoll julien.wollscheid@auth0.com

from jsonwebtoken GitHub release notes (https://snyk.io/redirect/github/auth0/node-jsonwebtoken/releases)

Commit messages
Package name: jsonwebtoken
  • 8afff56 9.0.1
  • a99fd4b fix(stubs): allow decode method to be stubbed (#876)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
