likecoin / puttyimages-web

Website for images adopted Like protocol.
https://dev.puttyimages.com/
GNU General Public License v3.0
18 stars 10 forks source link

[Snyk] Security upgrade express-jwt from 5.3.1 to 6.0.0 #237

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Authorization Bypass
SNYK-JS-EXPRESSJWT-575022
Yes No Known Exploit
Commit messages
Package name: express-jwt The new version differs by 11 commits.
  • 678f3b0 6.0.0
  • 7ecab5f Merge pull request from GHSA-6g6m-m6h5-w9gf
  • 304a1c5 Made algorithms mandatory
  • e9ed6d2 5.3.3
  • 8662579 Make clearer sections in the Readme
  • d3e86bf Update README.md
  • c5d8419 Add a note about OAuth2 bearer tokens
  • 888f0e9 Update Readme and use a consistent JS style for code examples
  • 6591014 5.3.2
  • f4f4d1d fix license field
  • 1789282 fix dependencies vulnerabilities and test against 8, 10 and 12 from now on
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic