Bump jsonwebtoken to ^9.0.0 to remove vulnerability. Upgraded mocha

mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens

MIT License

1.96k stars 213 forks source link

Bump jsonwebtoken to ^9.0.0 to remove vulnerability. Upgraded mocha #245

Closed aperona-hai closed 1 year ago

aperona-hai commented 1 year ago

Jsonwebtoken is now set to ^9.0.0 in order to fix https://github.com/advisories/GHSA-27h2-hvpr-p74q
Also run npm audit fix to bump vulnerability in mocha

Nosferath commented 1 year ago

Please, let's have this merged. The audit step of my CI/CD is broken now, and I was unable to fix it by forcing the version of the sub-dependency.

stavert commented 1 year ago

Mine just broke also with snyk calling it out.

Shereef commented 1 year ago

This is so important thanks for making a PR

gamemaster-woodsremix commented 1 year ago

any idea when this is might get merged? :)

IgorKonovalov commented 1 year ago

Lets merge it asap, we have a CI audit broken

mikenicholson commented 1 year ago

Thanks for the PR. I went ahead and split these up to #247 and #248 just to enable easier git bisecting if I run into issues with one of the changes.

I'm going to close this out without merging since I think the other two merged PRs are equivalent, but feel free to call out anything I might have missed.