jsonwebtoken 8.5.1 has vulnerability #88

Closed
electblake opened this issue Dec 23, 2022 · 4 comments

@electblake

See https://security.snyk.io/package/npm/jsonwebtoken/8.5.1 for details, but npm audit also returns similar

Upgrading to jsonwebtoken >= 9.0.0 is recommended

@levino
Owner

levino commented Dec 23, 2022

Will upgrade. However, since jsonwebtoken@8.5.1 will be a peer dependency of a dev dependency in your project, jsonwebtoken@8.5.1 should never be run in production for your app. Upgrading here is a good idea but not super urgent, if I am not misunderstood.

Do you know why they did not release as 8.5.2? What is the breaking change?

@levino
Owner

levino commented Dec 23, 2022

For reference, here are the breaking changes: https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9

@levino
Owner

levino commented Dec 23, 2022

Closed by #87

@levino levino closed this as completed Dec 23, 2022
@levino
Owner

levino commented Dec 23, 2022

Released. Enjoy!
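
The point made earlier in the thread, that a copy of jsonwebtoken 8.5.1 reached only through dev dependencies does not run in production, can be checked against a lockfile. The following is an added example, not code from this project or from anyone in the thread; it assumes an npm `package-lock.json` with lockfileVersion 2 or 3, and the sample lockfile and the `example-*` package names in it are constructed.

```javascript
// Added example: list jsonwebtoken installs older than 9.0.0 in an npm
// lockfile (lockfileVersion 2 or 3) and whether npm marked each one dev-only.
// Pass in the parsed contents of package-lock.json.
function auditJsonwebtoken(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/jsonwebtoken".
    if (!path.endsWith("node_modules/jsonwebtoken")) continue;
    const major = Number.parseInt(String(meta.version).split(".")[0], 10);
    // Skip entries without a version and anything at or above 9.0.0,
    // the version the issue recommends upgrading to.
    if (Number.isNaN(major) || major >= 9) continue;
    findings.push({
      path,
      version: meta.version,
      // npm sets dev:true only when the package is reachable solely through
      // devDependencies, so `npm ci --omit=dev` would not install it.
      devOnly: meta.dev === true,
    });
  }
  return findings;
}

// Constructed sample lockfile; every name except jsonwebtoken is hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/jsonwebtoken": { version: "8.5.1", dev: true },
    "node_modules/example-auth/node_modules/jsonwebtoken": { version: "8.5.1" },
    "node_modules/example-api/node_modules/jsonwebtoken": { version: "9.0.0" },
    "node_modules/not-jsonwebtoken": { version: "1.0.0" },
  },
};

for (const f of auditJsonwebtoken(sampleLock)) {
  const scope = f.devOnly ? "dev-only" : "installed in production";
  console.log(`${f.path} ${f.version} ${scope}`);
}
```

A finding with `devOnly: false` means the old version is also pulled in by a runtime dependency, which is the case the dev-dependency argument does not cover.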
