search

jinaga / starter-typescript-react

Jinaga starter using TypeScript and React
0 stars 0 forks source link

[Snyk] Upgrade jsonwebtoken from 9.0.1 to 9.0.2 #122

Closed michaellperry closed 10 months ago

michaellperry commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade jsonwebtoken from 9.0.1 to 9.0.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **1 version** ahead of your current version. - The recommended version was released **a month ago**, on 2023-08-30. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: jsonwebtoken
  • 9.0.2 - 2023-08-30

    Release 9.0.2 (#935)

      </li>
  <li>
    <b>9.0.1</b> - <a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/releases/tag/v9.0.1">2023-07-05</a></br><p>Updating package version to 9.0.1 (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1789927113" data-permission-text="Title is private" data-url="https://github.com/auth0/node-jsonwebtoken/issues/920" data-hovercard-type="pull_request" data-hovercard-url="/auth0/node-jsonwebtoken/pull/920/hovercard" href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/pull/920">#920</a>)</p>
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/releases">jsonwebtoken GitHub release notes</a>

Commit messages
Package name: jsonwebtoken
  • bc28861 Release 9.0.2 (#935)
  • 96b8906 refactor: use specific lodash packages (#933)
  • ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
  • 84539b2 Updating package version to 9.0.1 (#920)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs