Skip to content
This repository has been archived by the owner on Mar 15, 2023. It is now read-only.

[Snyk] Security upgrade @nestjs/jwt from 9.0.0 to 10.0.0 #639

Merged
merged 2 commits into from
Dec 29, 2022
Merged

[Snyk] Security upgrade @nestjs/jwt from 9.0.0 to 10.0.0 #639

merged 2 commits into from
Dec 29, 2022

Conversation

lwojcik
Copy link
Owner

@lwojcik lwojcik commented Dec 27, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 671/1000
Why? Recently disclosed, Has a fix available, CVSS 7.7		 Improper Input Validation
SNYK-JS-JSONWEBTOKEN-3180020		 Yes No Known Exploit
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022		 Yes No Known Exploit
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Improper Restriction of Security Token Assignment
SNYK-JS-JSONWEBTOKEN-3180024		 Yes No Known Exploit
medium severity 526/1000
Why? Recently disclosed, Has a fix available, CVSS 4.8		 Use of a Broken or Risky Cryptographic Algorithm
SNYK-JS-JSONWEBTOKEN-3180026		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nestjs/jwt The new version differs by 155 commits.
  • 0274acc Merge pull request #1144 from nestjs/renovate/typescript-eslint-monorepo
  • c6bbf14 Merge pull request #1150 from nestjs/renovate/prettier-2.x
  • 414aea3 chore(deps): update typescript-eslint monorepo to v5.47.1
  • 44fd45a chore(deps): update dependency prettier to v2.8.1
  • d8ed56a Merge pull request #1149 from nestjs/renovate/commitlint-monorepo
  • 74a21f9 Merge pull request #1057 from nestjs/renovate/jsonwebtoken-8.x
  • f367329 Merge pull request #1159 from nestjs/renovate/release-it-15.x
  • b3f4fc7 chore(deps): update dependency release-it to v15.5.1
  • 15ad133 chore(deps): update commitlint monorepo to v17.3.0
  • d14521f fix(deps): update dependency @ types/jsonwebtoken to v8.5.9
  • cc04cce Merge pull request #1158 from nestjs/renovate/node-18.x
  • 3ebfaf0 chore(deps): update dependency @ types/node to v18.11.18
  • a14a3be Merge pull request #1146 from nestjs/renovate/typescript-4.x
  • df59940 chore(deps): update dependency typescript to v4.9.4
  • e5661b9 Merge pull request #1157 from nestjs/dependabot/npm_and_yarn/minimatch-3.1.2
  • 8d74976 Merge pull request #1151 from nestjs/renovate/lint-staged-13.x
  • 76b0ee3 Merge pull request #1148 from nestjs/renovate/eslint-8.x
  • f3dd100 chore(deps): bump minimatch from 3.0.4 to 3.1.2
  • 7b3319a chore(deps): update dependency lint-staged to v13.1.0
  • a97c753 Merge pull request #1145 from nestjs/renovate/jest-monorepo
  • 73a7440 Merge pull request #1155 from nestjs/renovate/npm-jsonwebtoken-vulnerability
  • 8a6a459 chore(deps): update dependency eslint to v8.30.0
  • 20c2366 chore(deps): update dependency @ types/jest to v29.2.4
  • 98a4464 chore(deps): update dependency jsonwebtoken to 9.0.0 [security]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

@codecov
Copy link

codecov bot commented Dec 27, 2022
edited
Loading

Codecov Report

Merging #639 (2e2a19b) into master (7d5fba0) will not change coverage.
The diff coverage is n/a.

❗ Current head 2e2a19b differs from pull request most recent head 44f9b6f. Consider uploading reports for the commit 44f9b6f to get more accurate results

@@           Coverage Diff           @@
##           master     #639   +/-   ##
=======================================
  Coverage   77.57%   77.57%           
=======================================
  Files          63       63           
  Lines         495      495           
  Branches       26       26           
=======================================
  Hits          384      384           
  Misses        109      109           
  Partials        2        2

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@mergify mergify bot merged commit 1394189 into master Dec 29, 2022
@mergify mergify bot deleted the snyk-fix-18bee96ecfec952dc700cfc171700a98 branch December 29, 2022 00:14
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
ready-to-merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lwojcik @snyk-bot