Update dependency express-jwt to v8 by mend-for-github-com[bot] · Pull Request #26 · tomer-mobb/juice-shop

mend-for-github-com · 2023-11-10T05:16:18Z

This PR contains the following updates:

Package	Type	Update	Change
express-jwt	dependencies	major	`0.1.3` -> `8.0.0`

By merging this PR, the issue #8 will be automatically resolved and closed:

Severity	CVSS Score	CVE
Critical	9.8	CVE-2015-9235
Critical	9.1	CVE-2020-15084
High	8.1	CVE-2022-23539
High	7.6	CVE-2022-23540
High	7.5	CVE-2017-18214
High	7.5	CVE-2022-24785
Medium	6.5	CVE-2016-4055
Medium	6.3	CVE-2022-23541
Medium	5.3	WS-2016-0075

Release Notes

auth0/express-jwt

`v8.0.0`

Compare Source

Upgrade jsonwebtoken to v9. GHSA-27h2-hvpr-p74q .

Fix tsc build error for express-unless (e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198)
Remove esModuleInterop and fix assert import in tests (9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201)

`v7.7.2`

Compare Source

fix instaceof comparison for UnauthorizedError. closes #292 (6c87fe401ecba868feda1ffa530082c7c539321a), closes #292
update changelog (b1344fa7f6f9dd3d27115a9107b3ef4323733895)

`v7.7.1`

Compare Source

fix readme and package-lock (7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1)
build(deps): required runtime types (f3f5af5c214241b4f92b91c49db8586ec20e4526)
docs: fix tiny typo (07e771857489b6344a8dc457069d040a76e84230)

`v7.7.0`

Compare Source

deprecate ExpressJwtRequest in favor of Request with optional auth, closes #284 (de169def56f98f4237741aa6755d0c5e248bd561), closes #284

`v7.6.2`

Compare Source

remove undefined from algorhitms fix #285 (587238bd0ad7a59f784daf9f626b9bf9abc7e029), closes #285

`v7.6.1`

Compare Source

add note about @types/jsonwebtoken in readme (03c8419d6fc78c9029a7b474d3aede7f94e80121)
make algorithms a required parameter in types. closes #285 (097a1df0d7ba511afce9578e4cf45bca2589b253), closes #285
update changelog (9d0f02debb7a3db83edbc9f9b4b6d46993e6a4f4)

`v7.6.0`

Compare Source

add ExpressJwtRequestUnrequired to the readme (3890f53f87b0a84dccaafd8de5a43d3c1dfeae89)
add SecretCallback[Long] back for backward compatibility (c24078e285908cad1c2ac0e63482a75ebf7d7328)
update changelog (d3a8e80dec3a6c261f840ad763487a16a47bbc4b)

`v7.5.2`

Compare Source

export another type for credentialsRequired: false / ExpressJwtRequestUnrequired (1bdb6f3d0cc5f61b7a7b097f700d20cb337d4bef)

`v7.5.1`

Compare Source

make req.auth optional in the ExpressJwtRequest type (496fda4a0a20292ca70055b6ab8fdf50414ffa2b)
update changelog (727b57ddfec1f1c5ee4e16cb335ad1ae5a3c131f)

`v7.5.0`

Compare Source

export TokenGetter (eb7479b834fb0e052ffad4279394ce353bb13770)
improve readme and some types. Closes #283 (1a67f69c8781179d3ce7e5f3de8ece40d31c1772), closes #283
restore requestProperty (bf143d07497046b3e7921d3dd4bcbc18e2daeb67)

`v7.4.3`

Compare Source

improve readme (bd2515bec698604c645decd5be93e4f401263662)

`v7.4.2`

Compare Source

include '/dist' in package, closes #280 (cf2665d5581e76ed5742e7c2f34b8d05f91cfd18), closes #280

`v7.4.1`

Compare Source

fix readme definition for revoked and secret callbacks (9015cf729cfbbf1b28a9646cccbf26d523dce1de)
update changelog (05d7a78baaf76a2a881a95666b0ec7349729d957)

`v7.4.0`

Compare Source

handle authorization header in cors when is upper cased. fixes #180, #173 (ab0ee806416e3a5a48ef8a1017a298e1a666b17a), closes #180 #173

`v7.3.0`

Compare Source

add support for capital Authorization header. closes #200 (6c0698b513e11ff1d4b152e070a627f5092be801), closes #200

`v7.2.0`

Compare Source

Add example on how to enable jwt for specific path (280511342522f11a90da93187a44af1a1b3cf5eb)
Fix link to auth0.com (b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15)
remove travis badge (a854342c28f7186ec70e298124b4d650a26767b2)
Update docs to continue error handling on mismatch (627b358d07b19d299964a5ef18a772db9b6426e2)
Update README.md (8d7af267189a49f42b88807d236647bd7398fde3)

`v7.1.0`

Compare Source

add support for async, closes #249 (72236ec1cfb0e7847351c83908be1d84141e30f1), closes #249
update changelog (cb50ed43b2de9ae9be8643e7834640fa912ef367)

`v7.0.0`

Compare Source

Convert the project to typescript and improve typescript (2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd)

`v6.1.2`

Compare Source

`v6.1.1`

Compare Source

`v6.1.0`

Compare Source

`v6.0.0`

Compare Source

`v5.3.3`

Compare Source

`v5.3.2`

Compare Source

`v5.3.1`

Compare Source

`v5.3.0`

Compare Source

`v5.1.0`

Compare Source

`v5.0.0`

Compare Source

`v3.4.0`

Compare Source

`v3.3.0`

Compare Source

`v3.2.0`

Compare Source

`v3.1.0`

Compare Source

`v3.0.1`

Compare Source

`v3.0.0`

Compare Source

`v2.1.0`

Compare Source

`v2.0.1`

Compare Source

`v2.0.0`

Compare Source

`v1.4.0`

Compare Source

`v1.3.1`

Compare Source

`v1.3.0`

Compare Source

`v1.2.0`

Compare Source

`v1.1.0`

Compare Source

`v1.0.0`

Compare Source

`v0.6.2`

Compare Source

`v0.5.0`

Compare Source

`v0.4.0`

Compare Source

`v0.3.2`

Compare Source

`v0.3.1`

Compare Source

If you want to rebase/retry this PR, check this box

mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 10, 2023

mend-for-github-com bot changed the title ~~Update dependency express-jwt to v8~~ Update dependency express-jwt to v8 - autoclosed Nov 21, 2023

mend-for-github-com bot closed this Nov 21, 2023

mend-for-github-com bot deleted the whitesource-remediate/express-jwt-8.x branch November 21, 2023 18:30

mend-for-github-com bot changed the title ~~Update dependency express-jwt to v8 - autoclosed~~ Update dependency express-jwt to v8 Nov 23, 2023

mend-for-github-com bot reopened this Nov 23, 2023

mend-for-github-com bot restored the whitesource-remediate/express-jwt-8.x branch November 23, 2023 06:55

Update dependency express-jwt to v8

7bd3697

mend-for-github-com bot force-pushed the whitesource-remediate/express-jwt-8.x branch from 05aaa0e to 7bd3697 Compare November 23, 2023 06:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency express-jwt to v8#26

Update dependency express-jwt to v8#26
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/express-jwt-8.x

mend-for-github-com bot commented Nov 10, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

mend-for-github-com bot commented Nov 10, 2023

Release Notes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants