[Snyk] Security upgrade passport-jwt from 4.0.0 to 4.0.1
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - server/package.json
  - server/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7 | Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020 | No | No Known Exploit |
| | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022 | No | No Known Exploit |
| | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024 | No | No Known Exploit |
| | 526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8 | Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026 | No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: passport-jwt
The new version differs by 31 commits.
- fed94fa 4.0.1 release
- cfb5566 Merge pull request #248 from mikenicholson/update-minmatch
- 8e4ad5b Address minmatch vulnerability
- e9cf2ce Merge pull request #247 from mikenicholson/jsonwebtoken-9
- bfbc6cc Update jsonwebtoken to 9.0.0
- a49b43e Update minimist due to prototype pollution vulnerability in previous version
- a5137c6 Merge pull request #192 from markhoney/patch-1
- ea824cd Update jsonwebtoken and run npm audit fix
- 8e57eec Remove older node versions shipping npm without support for "ci"
- 3ab9305 Add CI workflow in GitHub Actions
- 96a6e55 Merge pull request #218 from Sambego/patch-1
- 809cdbf Update Auth0 sponsorship link
- ec35fa4 Add nodejs 13 & 14 to CI
- 2cab4dd Update mocha to resolve vulnerabilities
- b196eb8 Use nyc for coverage
- ddafcd2 Fix typo
- 6b92631 Merge pull request #176 from epicfaace/patch-1
- 154af70 Stop building for Node v5 and earlier
- d311551 Add newer node versions to Travis CI build
- 0e39a48 Update dependencies to resolve vulnerabilities.
- d488147 Update URLs to reference new GitHub username
- 89152d5 Rename extrators-test.js to extractors-test.js
- 0bb68bf Clarify use of custom extractor function.
- 499bd4a Add js formatting to extractor example in README.
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.