Update dependency express-jwt to v7 by dev-mend-for-github-com[bot] · Pull Request #6 · TankOrgDev/juice-shop

dev-mend-for-github-com · 2025-01-14T09:19:37Z

This PR contains the following updates:

Package	Type	Update	Change
express-jwt	dependencies	major	`0.1.3` → `7.7.8`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability
Critical	9.8	CVE-2015-9235
High	7.7	CVE-2020-15084
High	7.5	CVE-2017-18214
Medium	6.5	CVE-2016-4055
Medium	6.4	CVE-2022-23540
Medium	5.9	CVE-2022-23539
Medium	5.0	CVE-2022-23541

Release Notes

auth0/express-jwt (express-jwt)

Fix tsc build error for express-unless (e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198)
Remove esModuleInterop and fix assert import in tests (9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201)

`v7.7.2`

Compare Source

fix instaceof comparison for UnauthorizedError. closes #292 (6c87fe401ecba868feda1ffa530082c7c539321a), closes #292
update changelog (b1344fa7f6f9dd3d27115a9107b3ef4323733895)

`v7.7.1`

Compare Source

fix readme and package-lock (7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1)
build(deps): required runtime types (f3f5af5c214241b4f92b91c49db8586ec20e4526)
docs: fix tiny typo (07e771857489b6344a8dc457069d040a76e84230)

`v7.7.0`

Compare Source

deprecate ExpressJwtRequest in favor of Request with optional auth, closes #284 (de169def56f98f4237741aa6755d0c5e248bd561), closes #284

`v7.6.2`

Compare Source

remove undefined from algorhitms fix #285 (587238bd0ad7a59f784daf9f626b9bf9abc7e029), closes #285

`v7.6.1`

Compare Source

add note about @types/jsonwebtoken in readme (03c8419d6fc78c9029a7b474d3aede7f94e80121)
make algorithms a required parameter in types. closes #285 (097a1df0d7ba511afce9578e4cf45bca2589b253), closes #285
update changelog (9d0f02debb7a3db83edbc9f9b4b6d46993e6a4f4)

`v7.6.0`

Compare Source

add ExpressJwtRequestUnrequired to the readme (3890f53f87b0a84dccaafd8de5a43d3c1dfeae89)
add SecretCallback[Long] back for backward compatibility (c24078e285908cad1c2ac0e63482a75ebf7d7328)
update changelog (d3a8e80dec3a6c261f840ad763487a16a47bbc4b)

`v7.5.2`

Compare Source

export another type for credentialsRequired: false / ExpressJwtRequestUnrequired (1bdb6f3d0cc5f61b7a7b097f700d20cb337d4bef)

`v7.5.1`

Compare Source

make req.auth optional in the ExpressJwtRequest type (496fda4a0a20292ca70055b6ab8fdf50414ffa2b)
update changelog (727b57ddfec1f1c5ee4e16cb335ad1ae5a3c131f)

`v7.5.0`

Compare Source

export TokenGetter (eb7479b834fb0e052ffad4279394ce353bb13770)
improve readme and some types. Closes #283 (1a67f69c8781179d3ce7e5f3de8ece40d31c1772), closes #283
restore requestProperty (bf143d07497046b3e7921d3dd4bcbc18e2daeb67)

`v7.4.3`

Compare Source

improve readme (bd2515bec698604c645decd5be93e4f401263662)

`v7.4.2`

Compare Source

include '/dist' in package, closes #280 (cf2665d5581e76ed5742e7c2f34b8d05f91cfd18), closes #280

`v7.4.1`

Compare Source

fix readme definition for revoked and secret callbacks (9015cf729cfbbf1b28a9646cccbf26d523dce1de)
update changelog (05d7a78baaf76a2a881a95666b0ec7349729d957)

`v7.4.0`

Compare Source

handle authorization header in cors when is upper cased. fixes #180, #173 (ab0ee806416e3a5a48ef8a1017a298e1a666b17a), closes #180 #173

`v7.3.0`

Compare Source

add support for capital Authorization header. closes #200 (6c0698b513e11ff1d4b152e070a627f5092be801), closes #200

`v7.2.0`

Compare Source

Add example on how to enable jwt for specific path (280511342522f11a90da93187a44af1a1b3cf5eb)
Fix link to auth0.com (b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15)
remove travis badge (a854342c28f7186ec70e298124b4d650a26767b2)
Update docs to continue error handling on mismatch (627b358d07b19d299964a5ef18a772db9b6426e2)
Update README.md (8d7af267189a49f42b88807d236647bd7398fde3)

`v7.1.0`

Compare Source

add support for async, closes #249 (72236ec1cfb0e7847351c83908be1d84141e30f1), closes #249
update changelog (cb50ed43b2de9ae9be8643e7834640fa912ef367)

`v7.0.0`

Compare Source

Convert the project to typescript and improve typescript (2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd)

`v6.1.2`

Compare Source

`v6.1.1`

Compare Source

`v6.1.0`

Compare Source

`v6.0.0`

Compare Source

`v5.3.3`

Compare Source

`v5.3.2`

Compare Source

`v5.3.1`

Compare Source

`v5.3.0`

Compare Source

`v5.1.0`

Compare Source

`v5.0.0`

Compare Source

`v3.4.0`

Compare Source

`v3.3.0`

Compare Source

`v3.2.0`

Compare Source

`v3.1.0`

Compare Source

`v3.0.1`

Compare Source

`v3.0.0`

Compare Source

`v2.1.0`

Compare Source

`v2.0.1`

Compare Source

`v2.0.0`

Compare Source

`v1.4.0`

Compare Source

`v1.3.1`

Compare Source

`v1.3.0`

Compare Source

`v1.2.0`

Compare Source

`v1.1.0`

Compare Source

`v1.0.0`

Compare Source

`v0.6.2`

Compare Source

`v0.5.0`

Compare Source

`v0.4.0`

Compare Source

`v0.3.2`

Compare Source

`v0.3.1`

Compare Source

If you want to rebase/retry this PR, check this box

Update dependency express-jwt to v7

3c3eab9

dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Jan 14, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency express-jwt to v7#6

Update dependency express-jwt to v7#6
dev-mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/express-jwt-7.x

dev-mend-for-github-com bot commented Jan 14, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dev-mend-for-github-com bot commented Jan 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dev-mend-for-github-com bot commented Jan 14, 2025 •

edited

Loading