Update dependency express-jwt to v8 #186

mend-for-github-com · 2023-04-24T15:25:48Z

This PR contains the following updates:

Package	Type	Update	Change
express-jwt	dependencies	major	`0.1.3` -> `8.0.0`

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
Critical	9.8	CVE-2015-9235	#21
Critical	9.1	CVE-2020-15084	#46
High	8.1	CVE-2022-23539	#152
High	7.6	CVE-2022-23540	#153
High	7.5	CVE-2017-18214	#19
High	7.5	CVE-2022-24785	#106
Medium	6.5	CVE-2016-4055	#14
Medium	6.3	CVE-2022-23541	#154
Medium	5.3	WS-2016-0075	#25

Release Notes

auth0/express-jwt (express-jwt)

`v8.0.0`

Compare Source

Upgrade jsonwebtoken to v9. GHSA-27h2-hvpr-p74q .

Fix tsc build error for express-unless (e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198)
Remove esModuleInterop and fix assert import in tests (9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201)

`v7.7.2`

Compare Source

fix instaceof comparison for UnauthorizedError. closes #292 (6c87fe401ecba868feda1ffa530082c7c539321a), closes #292
update changelog (b1344fa7f6f9dd3d27115a9107b3ef4323733895)

`v7.7.1`

Compare Source

fix readme and package-lock (7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1)
build(deps): required runtime types (f3f5af5c214241b4f92b91c49db8586ec20e4526)
docs: fix tiny typo (07e771857489b6344a8dc457069d040a76e84230)

`v7.7.0`

Compare Source

deprecate ExpressJwtRequest in favor of Request with optional auth, closes #284 (de169def56f98f4237741aa6755d0c5e248bd561), closes #284

`v7.6.2`

Compare Source

remove undefined from algorhitms fix #285 (587238bd0ad7a59f784daf9f626b9bf9abc7e029), closes #285

`v7.6.1`

Compare Source

add note about @types/jsonwebtoken in readme (03c8419d6fc78c9029a7b474d3aede7f94e80121)
make algorithms a required parameter in types. closes #285 (097a1df0d7ba511afce9578e4cf45bca2589b253), closes #285
update changelog (9d0f02debb7a3db83edbc9f9b4b6d46993e6a4f4)

`v7.6.0`

Compare Source

add ExpressJwtRequestUnrequired to the readme (3890f53f87b0a84dccaafd8de5a43d3c1dfeae89)
add SecretCallback[Long] back for backward compatibility (c24078e285908cad1c2ac0e63482a75ebf7d7328)
update changelog (d3a8e80dec3a6c261f840ad763487a16a47bbc4b)

`v7.5.2`

Compare Source

export another type for credentialsRequired: false / ExpressJwtRequestUnrequired (1bdb6f3d0cc5f61b7a7b097f700d20cb337d4bef)

`v7.5.1`

Compare Source

make req.auth optional in the ExpressJwtRequest type (496fda4a0a20292ca70055b6ab8fdf50414ffa2b)
update changelog (727b57ddfec1f1c5ee4e16cb335ad1ae5a3c131f)

`v7.5.0`

Compare Source

export TokenGetter (eb7479b834fb0e052ffad4279394ce353bb13770)
improve readme and some types. Closes #283 (1a67f69c8781179d3ce7e5f3de8ece40d31c1772), closes #283
restore requestProperty (bf143d07497046b3e7921d3dd4bcbc18e2daeb67)

`v7.4.3`

Compare Source

improve readme (bd2515bec698604c645decd5be93e4f401263662)

`v7.4.2`

Compare Source

include '/dist' in package, closes #280 (cf2665d5581e76ed5742e7c2f34b8d05f91cfd18), closes #280

`v7.4.1`

Compare Source

fix readme definition for revoked and secret callbacks (9015cf729cfbbf1b28a9646cccbf26d523dce1de)
update changelog (05d7a78baaf76a2a881a95666b0ec7349729d957)

`v7.4.0`

Compare Source

handle authorization header in cors when is upper cased. fixes #180, #173 (ab0ee806416e3a5a48ef8a1017a298e1a666b17a), closes #180 #173

`v7.3.0`

Compare Source

add support for capital Authorization header. closes #200 (6c0698b513e11ff1d4b152e070a627f5092be801), closes #200

`v7.2.0`

Compare Source

Add example on how to enable jwt for specific path (280511342522f11a90da93187a44af1a1b3cf5eb)
Fix link to auth0.com (b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15)
remove travis badge (a854342c28f7186ec70e298124b4d650a26767b2)
Update docs to continue error handling on mismatch (627b358d07b19d299964a5ef18a772db9b6426e2)
Update README.md (8d7af267189a49f42b88807d236647bd7398fde3)

`v7.1.0`

Compare Source

add support for async, closes #249 (72236ec1cfb0e7847351c83908be1d84141e30f1), closes #249
update changelog (cb50ed43b2de9ae9be8643e7834640fa912ef367)

`v7.0.0`

Compare Source

Convert the project to typescript and improve typescript (2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd)

`v6.1.2`

Compare Source

`v6.1.1`

Compare Source

`v6.1.0`

Compare Source

`v6.0.0`

Compare Source

`v5.3.3`

Compare Source

`v5.3.2`

Compare Source

`v5.3.1`

Compare Source

`v5.3.0`

Compare Source

`v5.1.0`

Compare Source

`v5.0.0`

Compare Source

`v3.4.0`

Compare Source

`v3.3.0`

Compare Source

`v3.2.0`

Compare Source

`v3.1.0`

Compare Source

`v3.0.1`

Compare Source

`v3.0.0`

Compare Source

`v2.1.0`

Compare Source

`v2.0.1`

Compare Source

`v2.0.0`

Compare Source

`v1.4.0`

Compare Source

`v1.3.1`

Compare Source

`v1.3.0`

Compare Source

`v1.2.0`

Compare Source

`v1.1.0`

Compare Source

`v1.0.0`

Compare Source

`v0.6.2`

Compare Source

`v0.5.0`

Compare Source

`v0.4.0`

Compare Source

`v0.3.2`

Compare Source

`v0.3.1`

Compare Source

If you want to rebase/retry this PR, check this box

mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Apr 24, 2023

mend-for-github-com bot changed the title ~~Update dependency express-jwt to v8~~ Update dependency express-jwt to v8 - autoclosed Jun 16, 2023

mend-for-github-com bot closed this Jun 16, 2023

mend-for-github-com bot deleted the whitesource-remediate/express-jwt-8.x branch June 16, 2023 06:29

mend-for-github-com bot changed the title ~~Update dependency express-jwt to v8 - autoclosed~~ Update dependency express-jwt to v8 Jun 18, 2023

mend-for-github-com bot reopened this Jun 18, 2023

mend-for-github-com bot restored the whitesource-remediate/express-jwt-8.x branch June 18, 2023 20:00

Update dependency express-jwt to v8

9258bbd

mend-for-github-com bot force-pushed the whitesource-remediate/express-jwt-8.x branch from 00de06c to 9258bbd Compare June 18, 2023 20:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency express-jwt to v8 #186

Update dependency express-jwt to v8 #186

mend-for-github-com bot commented Apr 24, 2023 •

edited

Update dependency express-jwt to v8 #186

Are you sure you want to change the base?

Update dependency express-jwt to v8 #186

Conversation

mend-for-github-com bot commented Apr 24, 2023 • edited

Release Notes

mend-for-github-com bot commented Apr 24, 2023 •

edited