From 1072afa723c45f7753a0d65611c7df9a8a5fae65 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 10 Jan 2023 07:27:59 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026 --- package-lock.json | 56 ++++++++++++++++++++++++++++++++++++++++++----- package.json | 2 +- 2 files changed, 51 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index c858760..b621363 100644 --- a/package-lock.json +++ b/package-lock.json @@ -486,14 +486,58 @@ } }, "@loopback/authentication-jwt": { - "version": "0.9.0", - "resolved": "https://registry.npmjs.org/@loopback/authentication-jwt/-/authentication-jwt-0.9.0.tgz", - "integrity": "sha512-WhUQJrQmNbwEjXQHOdDXC2SRpnJHmwT7sY0OHuIhG9/rIb+f6wW4G+SZ7XSp2Ta73PXvTREn1e3YP/B61JE98Q==", + "version": "0.12.7", + "resolved": "https://registry.npmjs.org/@loopback/authentication-jwt/-/authentication-jwt-0.12.7.tgz", + "integrity": "sha512-EpPXMNkuhENyyaTzZx9PHh143Utngcz1ZDCvv62AEisVrekZbjd2OlPGvzBhgjxHWUYXHiiwCJnzq9r5DCoy2w==", "requires": { - "@loopback/security": "^0.5.0", + "@loopback/security": "^0.8.7", "@types/bcryptjs": "2.4.2", "bcryptjs": "^2.4.3", - "jsonwebtoken": "^8.5.1" + "debug": "^4.3.4", + "jsonwebtoken": "^9.0.0" + }, + "dependencies": { + "@loopback/security": { + "version": "0.8.7", + "resolved": "https://registry.npmjs.org/@loopback/security/-/security-0.8.7.tgz", + "integrity": "sha512-IyiPRRn4Xh9a1GcMu//O97IFNmc1IFByAIhxT/73CgLfvJu9P6A5g0s4V+L0uXFKZXXwIiASZZZ7zEQkhM7Baw==", + "requires": { + "debug": "^4.3.4", + "tslib": "^2.4.1" + } + }, + "debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "requires": { + "ms": "2.1.2" + } + }, + "jsonwebtoken": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.0.tgz", + "integrity": "sha512-tuGfYXxkQGDPnLJ7SibiQgVgeDgfbPq2k2ICcbgqW8WxWLBAxKQM/ZCu/IT8SOSwmaYl4dpTFCW5xZv7YbbWUw==", + "requires": { + "jws": "^3.2.2", + "lodash": "^4.17.21", + "ms": "^2.1.1", + "semver": "^7.3.8" + } + }, + "semver": { + "version": "7.3.8", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", + "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "requires": { + "lru-cache": "^6.0.0" + } + }, + "tslib": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz", + "integrity": "sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==" + } } }, "@loopback/boot": { @@ -1543,7 +1587,7 @@ "bcryptjs": { "version": "2.4.3", "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz", - "integrity": "sha1-mrVie5PmBiH/fNrF2pczAn3x0Ms=" + "integrity": "sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==" }, "binary-extensions": { "version": "2.2.0", diff --git a/package.json b/package.json index 55dc552..e78e21b 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ ], "dependencies": { "@loopback/authentication": "^7.3.0", - "@loopback/authentication-jwt": "^0.9.0", + "@loopback/authentication-jwt": "^0.12.7", "@loopback/boot": "^3.4.0", "@loopback/context": "^3.16.0", "@loopback/core": "^2.16.0",