Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix] update jsonwebtoken #193

Closed
richardsimko opened this issue Dec 22, 2022 · 5 comments
Closed

[fix] update jsonwebtoken #193

richardsimko opened this issue Dec 22, 2022 · 5 comments
Labels
bug

Comments

@richardsimko
Copy link

richardsimko commented Dec 22, 2022
edited
Loading

Describe the bug

jsonwebtoken has a number of CVEs published recently affecting version 8.x which are fixed in 9.0. Would it be possible to upgrade this project's dependency?

GHSA-27h2-hvpr-p74q
GHSA-hjrf-2m68-5959
GHSA-qwph-4952-7xr6
GHSA-8cf7-32gw-wr33
@richardsimko richardsimko mentioned this issue Dec 23, 2022
Merged
@plh97
Copy link

plh97 commented Jan 3, 2023

not yet fix, when i yarn install koa-jwt, it is still 8.5.1
image

@plh97
Copy link

plh97 commented Jan 3, 2023

can you release a new version?

@cdierkens
Copy link

@richardsimko Looks like you already did the code work, just need an NPM release.

@langell
Copy link

langell commented Jan 6, 2023

Any update on this? Will this be patched or do we need to find a new jwt middleware?

@sdd
Copy link
Collaborator

sdd commented Jan 8, 2023

Apologies for the delay! Published as v4.0.4

@sdd sdd closed this as completed Jan 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@sdd @langell @richardsimko @cdierkens @plh97