[fix] update jsonwebtoken

koajs / jwt

Koa middleware for validating JSON Web Tokens

MIT License

1.34k stars 120 forks source link

[fix] update jsonwebtoken #193

Closed richardsimko closed 1 year ago

richardsimko commented 1 year ago

Describe the bug

jsonwebtoken has a number of CVEs published recently affecting version 8.x which are fixed in 9.0. Would it be possible to upgrade this project's dependency?

https://github.com/advisories/GHSA-27h2-hvpr-p74q https://github.com/advisories/GHSA-hjrf-2m68-5959 https://github.com/advisories/GHSA-qwph-4952-7xr6 https://github.com/advisories/GHSA-8cf7-32gw-wr33

plh97 commented 1 year ago

not yet fix, when i yarn install koa-jwt, it is still 8.5.1

plh97 commented 1 year ago

can you release a new version?

cdierkens commented 1 year ago

@richardsimko Looks like you already did the code work, just need an NPM release.

langell commented 1 year ago

Any update on this? Will this be patched or do we need to find a new jwt middleware?

sdd commented 1 year ago

Apologies for the delay! Published as v4.0.4