Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump jsonwebtoken to ^9.0.0 to remove vulnerability. Upgraded mocha #245

Closed
wants to merge 1 commit into from
Closed

Bump jsonwebtoken to ^9.0.0 to remove vulnerability. Upgraded mocha #245

wants to merge 1 commit into from

Conversation

aperona-hai
Copy link

  • Jsonwebtoken is now set to ^9.0.0 in order to fix GHSA-27h2-hvpr-p74q
  • Also run npm audit fix to bump vulnerability in mocha

@aperona-hai aperona-hai mentioned this pull request Dec 22, 2022
Closed
@Nosferath
Copy link

Please, let's have this merged. The audit step of my CI/CD is broken now, and I was unable to fix it by forcing the version of the sub-dependency.

@stavert
Copy link

stavert commented Dec 22, 2022

Mine just broke also with snyk calling it out.

@Shereef
Copy link

Shereef commented Dec 22, 2022

This is so important thanks for making a PR

@gamemaster-woodsremix
Copy link

any idea when this is might get merged? :)

dfernandesbsolus
dfernandesbsolus approved these changes Dec 23, 2022
View reviewed changes
Copy link

@dfernandesbsolus dfernandesbsolus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I got compatibility version 8 -> 9 and there is nothing problems.

https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9

@IgorKonovalov
Copy link

Lets merge it asap, we have a CI audit broken

@mikenicholson
Copy link
Owner

Thanks for the PR. I went ahead and split these up to #247 and #248 just to enable easier git bisecting if I run into issues with one of the changes.

I'm going to close this out without merging since I think the other two merged PRs are equivalent, but feel free to call out anything I might have missed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dfernandesbsolus dfernandesbsolus dfernandesbsolus approved these changes

@Shereef Shereef Shereef approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@aperona-hai @Nosferath @stavert @Shereef @gamemaster-woodsremix @IgorKonovalov @mikenicholson @dfernandesbsolus