search

node-apn / node-apn

:calling: Apple Push Notification module for Node.js
MIT License
4.37k stars 681 forks source link

Critical security vuln: jsonwebtoken #719

Open rynop opened 1 year ago

rynop commented 1 year ago

CVE Released on 12/21/2022. Please see https://thehackernews.com/2023/01/critical-security-flaw-found-in.html?m=1 and https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9

Current support is ^8.1.0 per https://github.com/node-apn/node-apn/blob/master/package.json#L34

yovasx2 commented 1 year ago

https://github.com/node-apn/node-apn/pull/718

dchahla commented 7 months ago

easy-apn (npm) should fix your problem. no deps! 0 vuln. 7.7kb unpacked.