jwt bumped from v8 to v9 and to avoid breaking changes for users with RSA keys < 2046 bits the check is by default turned off (config.authentication.jwt.allowInsecureKeySizes = true). Instead a warning is logged when this setting is true.
jsdoc templates had security issues w/o any clear update or replacement - so instead the default (non-dark) theme is used for source code documentation.
This change does not handle all the security issues reported - but since all tests are passing this is a good milestone.
jwt bumped from v8 to v9 and to avoid breaking changes for users with RSA keys < 2046 bits the check is by default turned off (
config.authentication.jwt.allowInsecureKeySizes = true). Instead a warning is logged when this setting is true.jsdoc templates had security issues w/o any clear update or replacement - so instead the default (non-dark) theme is used for source code documentation.
This change does not handle all the security issues reported - but since all tests are passing this is a good milestone.