search

rithinch / event-driven-microservices-docker-example

🐳 Simple example of event driven communication between microservices, based on Docker containers, Docker Compose and RabbitMQ. Microservices are implemented in Node.js using Koa.
MIT License
248 stars 84 forks source link

[Snyk] Security upgrade koa-jwt from 3.6.0 to 4.0.4 #43

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 671/1000
Why? Recently disclosed, Has a fix available, CVSS 7.7		 Improper Input Validation
SNYK-JS-JSONWEBTOKEN-3180020		 Yes No Known Exploit
critical severity 776/1000
Why? Recently disclosed, Has a fix available, CVSS 9.8		 Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022		 Yes No Known Exploit
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Improper Restriction of Security Token Assignment
SNYK-JS-JSONWEBTOKEN-3180024		 Yes No Known Exploit
medium severity 626/1000
Why? Recently disclosed, Has a fix available, CVSS 6.8		 Use of a Broken or Risky Cryptographic Algorithm
SNYK-JS-JSONWEBTOKEN-3180026		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: koa-jwt The new version differs by 46 commits.
  • ac272c0 4.0.4
  • 0599444 Bump jsonwebtoken from 8.5.1 to 9.0.0
  • 634c5c0 Bump qs from 6.9.3 to 6.11.0 (#192)
  • aabdf9d Bump ansi-regex from 3.0.0 to 3.0.1 (#190)
  • 54abffc Bump minimist from 1.2.5 to 1.2.6 (#189)
  • 8ae721d Bump pathval from 1.1.0 to 1.1.1 (#187)
  • 81e326b chore: bump to 4.0.3
  • 3e83be9 4.0.2
  • c667787 Export more interfaces
  • 45bdca6 Bump path-parse from 1.0.6 to 1.0.7 (#184)
  • e944009 Bump glob-parent from 5.1.1 to 5.1.2
  • 3fb4bb7 Bump lodash from 4.17.19 to 4.17.21
  • e1d9f1e 4.0.1
  • aa6e10a Bump y18n from 4.0.0 to 4.0.1
  • d663492 Bump lodash from 4.17.15 to 4.17.19
  • 8ac436f Fix typing of `getToken`
  • f694cb6 support leading/trailing whitespace in Authorization header value
  • c073cf2 4.0.0
  • 735b89d Add missing options:
  • fa27b12 Detail explicitly middleware's options in README
  • d7f9678 Fix typing of `path` property (#172)
  • 7454df4 Merge pull request #157 from buuug7/master
  • c680e0c chore: bump deps, update yarn.lock
  • 98f2d7d Update the repo 🚀 ! (#167)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication