Critical vulnerability: deprecated jsonwebtoken and jws

sane / sane-auth

A Sane Stack Addon giving you basic JWT-OAuth2 authentication for the full stack

14 stars 4 forks source link

Critical vulnerability: deprecated jsonwebtoken and jws #15

Closed Jan-Jan closed 9 years ago

Jan-Jan commented 9 years ago

Installation of sane-auth includes warnings:

npm WARN deprecated jsonwebtoken@3.2.2: Critical vulnerability fix in v5.0.0. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
npm WARN deprecated jws@1.0.1: Security update: Versions below 3.0.0 are deprecated.

Globegitter commented 9 years ago

Ah yeah - this is fixed in master via ff9698568292702610dcb66b39eef2c9f778b00c but not published yet. Will do asap.