Open snyk-bot opened 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Currently trending on Twitter, Has a fix available, CVSS 7.7
SNYK-JS-JSONWEBTOKEN-3180020
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: fastify-jwt
The new version differs by 35 commits.- d84c947 Bumped v4.0.0
- c3a30aa feat: Replacing jsonwebtoken with fast-jwt (#184)
- 020edb5 build(dependabot): ignore minor and patch github-actions updates (#192)
- 84b7936 fix: ECDSA key pair generation and related documentation (#191)
- a3d38de build(deps): bump fastify/github-action-merge-dependabot (#190)
- 4244d7f build(deps-dev): bump tsd from 0.18.0 to 0.19.0 (#189)
- 0c66d87 build(deps): bump actions/checkout from 2.3.5 to 2.4.0 (#186)
- d62387e build(deps): bump actions/checkout from 2.3.4 to 2.3.5 (#183)
- d33bff1 Bumped v3.2.1
- d3925dd Fix missing Typescript properties for namespaces (#182)
- f943e0d build(deps-dev): bump tsd from 0.17.0 to 0.18.0 (#181)
- c19ad23 Bumped v3.2.0
- 99fdbd9 Expose jwtDecode for fastly-auth0-verify (#178)
- f171789 build(deps): bump actions/setup-node from 2.4.0 to 2.4.1 (#180)
- df179dd build(deps): bump fastify/github-action-merge-dependabot (#179)
- 42ca67e Bumped v3.1.0
- 577b1d9 feat: add namespaces (#175)
- b174dd0 Improved README for module augmentation (#177)
- 096a878 build(deps): bump fastify/github-action-merge-dependabot (#171)
- c97d3e9 build(deps): bump fastify/github-action-merge-dependabot (#170)
- b3da9af build(deps): bump actions/setup-node from 2.3.2 to 2.4.0 (#169)
- bd89032 build(deps): bump actions/setup-node from 2.3.1 to 2.3.2 (#168)
- 01c4626 build(deps): bump actions/setup-node from 2.3.0 to 2.3.1 (#167)
- b57fc83 Bumped v3.0.1
See the full diffPackage name: jsonwebtoken
The new version differs by 17 commits.- e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
- 5eaedbf chore(ci): remove github test actions job (#861)
- cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
- ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)
- 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)
- 7e6a86b Upload OpsLevel YAML (#849)
- 74d5719 docs: update references vercel/ms references (#770)
- d71e383 docs: document "invalid token" error
- 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
- a46097e docs: make decode impossible to discover before verify
- 15a1bc4 refactor: make decode non-enumerable
- 5f10bf9 docs: add jwtid to options of jwt.verify (#704)
- 88cb9df Replace tilde-indexOf with includes (#647)
- a6235fa Adds not to README on decoded payload validation (#646)
- 5ed1f06 docs: fix tiny style change in readme (#622)
- 9fb90ca style: add missing semicolon (#641)
- a9e38b8 ci: use circleci (#589)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.