Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade jsonwebtoken library #120

Closed
TheVaan opened this issue Dec 22, 2022 · 3 comments · Fixed by #128
Closed

Upgrade jsonwebtoken library #120

TheVaan opened this issue Dec 22, 2022 · 3 comments · Fixed by #128
Labels
bounty:$50 Bounty applies for fixing this issue (Parse Bounty Program) type:bug

Comments

@TheVaan
Copy link

TheVaan commented Dec 22, 2022

jsonwebtoken 8.5.1 has security vulnerability GHSA-27h2-hvpr-p74q. Please upgrade to 9.0.0.
@parse-github-assistant
Copy link

Thanks for opening this issue!

  • ❌ Please edit your post and use the provided template when creating a new issue. This helps everyone to understand your post better and asks for essential information to quicker review the issue.

@ZissisT
Copy link

ZissisT commented Feb 1, 2023

This is a critical issue, and it is self-explanatory, current node-apn uses a library version that has security vulnerability. This needs to be updated soon. Does this need a re-submission using template? Or should @TheVaan edit the post in order for this be handled?
Thank you

@mtrezza
Copy link
Member

mtrezza commented Jul 16, 2023

I added a bounty label, so hopefully someone will be motivated to submit a PR.

@mtrezza mtrezza added type:bug bounty:$50 Bounty applies for fixing this issue (Parse Bounty Program) labels Jul 16, 2023
@mtrezza mtrezza linked a pull request Jul 16, 2023 that will close this issue
fix: Security upgrade jsonwebtoken from 8.5.1 to 9.0.0 #128
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bounty:$50 Bounty applies for fixing this issue (Parse Bounty Program) type:bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Security upgrade jsonwebtoken from 8.5.1 to 9.0.0 parse-community/node-apn
3 participants
@TheVaan @mtrezza @ZissisT