[Snyk] Upgrade jwks-rsa from 2.1.2 to 2.1.5

[noahchernet]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade jwks-rsa from 2.1.2 to 2.1.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released 8 months ago, on 2022-10-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-JOSE-3018688	265/1000 Why? CVSS 5.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: jwks-rsa

• 2.1.5 - 2022-10-10
  

  Fixed

  • Fix GetVerificationKey typing to include undefined #329 (AaronMoat)

  fixes #325

• 2.1.4 - 2022-06-07
  

  Fixed

  • Type definitions depend on jsonwebtoken #314 (adamjmcgrath)
• 2.1.3 - 2022-05-20
  

  Fixed

  • Fix issue with ES Express import #310 (adamjmcgrath)
• 2.1.2 - 2022-05-12
  

  Fixed

  • fix: express build error #304 (blindperson)

from jwks-rsa GitHub release notes

Commit messages

Package name: jwks-rsa

• 83e9327 Merge pull request #330 from auth0/release/v2.1.5
• 9d262c5 Release v2.1.5
• 023eb4a Merge pull request #322 from auth0/dependabot/npm_and_yarn/examples/passport-demo/passport-0.6.0
• 9603747 Merge branch 'master' into dependabot/npm_and_yarn/examples/passport-demo/passport-0.6.0
• 9574b04 Merge pull request #329 from AaronMoat/fix-express-jwt-secret-typing
• 51676fc Merge branch 'master' into fix-express-jwt-secret-typing
• f4bedd4 Fix GetVerificationKey typing to include undefined
• cb38250 Merge branch 'master' into dependabot/npm_and_yarn/examples/passport-demo/passport-0.6.0
• d8992ad Merge pull request #321 from auth0/dependabot/npm_and_yarn/passport-0.6.0
• f6b15a6 Merge branch 'master' into dependabot/npm_and_yarn/passport-0.6.0
• 0602619 Merge pull request #327 from auth0/adamjmcgrath-patch-2
• bdf4f0c Update README.md
• 15b4747 Update README.md
• f023862 [Snyk] Upgrade @ types/express from 4.17.13 to 4.17.14 (#326)
• 137cef3 [Snyk] Upgrade @ types/jsonwebtoken from 8.5.8 to 8.5.9 (#323)
• f2888bb Bump passport from 0.4.0 to 0.6.0 in /examples/passport-demo
• bcf9b57 Bump passport from 0.4.1 to 0.6.0
• 04dc3a8 [Snyk] Security upgrade jose from 2.0.5 to 2.0.6 (#320)
• fcfd33c Update Codecov (#318)
• c6f7c08 Update .semgrepignore
• cd8955f Create .semgrepignore
• 11960d8 Create semgrep.yml
• bb6997b Merge pull request #315 from auth0/release/v2.1.4
• 1e9ae31 Release v2.1.4

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
avalon-bugtracker	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 5, 2023 8:17pm