search

mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens
MIT License
1.96k stars 213 forks source link

vulnerability in passport-jwt's dependancy jsonwebtoken #244

Closed rprakash05 closed 1 year ago

rprakash05 commented 1 year ago

Updating to jsonwebtoken's latest version 9.0.0 resolves the vulnerability Vulnerability details : https://github.com/advisories/GHSA-27h2-hvpr-p74q

PetrShchukin commented 1 year ago

Same here, using it with nest.js for JWT strategies, getting a high vulnerability. image

dfernandesbsolus commented 1 year ago

We have the same problem!

aperona-hai commented 1 year ago

Went ahead and created https://github.com/mikenicholson/passport-jwt/pull/245

Shereef commented 1 year ago

@mikenicholson Please merge #245 and release ASAP Snyk is stopping our app from going to production with this version

Thank you!

prince-kumar95 commented 1 year ago

I'm too facing this issues with snyk. @mikenicholson please let me know when will this be merged and released. Thanks

mikenicholson commented 1 year ago

4.0.1 bumps the jsonwebtoken dependnecy and has been release to NPM

Shereef commented 1 year ago

Thanks so much !!