Update dependency express-jwt to v7 #12

mend-for-github-com · 2024-12-18T03:06:35Z

This PR contains the following updates:

Package	Type	Update	Change
express-jwt	dependencies	major	`0.1.3` -> `7.7.8`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
Critical	9.8	CVE-2015-9235
High	7.7	CVE-2020-15084
High	7.5	CVE-2017-18214
High	7.5	CVE-2022-24785
Medium	6.5	CVE-2016-4055
Medium	6.4	CVE-2022-23540
Medium	5.9	CVE-2022-23539
Medium	5.3	WS-2016-0075
Medium	5.0	CVE-2022-23541

Release Notes

auth0/express-jwt (express-jwt)

Fix tsc build error for express-unless (e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198)
Remove esModuleInterop and fix assert import in tests (9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201)

`v7.7.2`

Compare Source

fix instaceof comparison for UnauthorizedError. closes #292 (6c87fe401ecba868feda1ffa530082c7c539321a), closes #292
update changelog (b1344fa7f6f9dd3d27115a9107b3ef4323733895)

`v7.7.1`

Compare Source

fix readme and package-lock (7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1)
build(deps): required runtime types (f3f5af5c214241b4f92b91c49db8586ec20e4526)
docs: fix tiny typo (07e771857489b6344a8dc457069d040a76e84230)

`v7.7.0`

Compare Source

deprecate ExpressJwtRequest in favor of Request with optional auth, closes #284 (de169def56f98f4237741aa6755d0c5e248bd561), closes #284

`v7.6.2`

Compare Source

remove undefined from algorhitms fix #285 (587238bd0ad7a59f784daf9f626b9bf9abc7e029), closes #285

`v7.6.1`

Compare Source

add note about @types/jsonwebtoken in readme (03c8419d6fc78c9029a7b474d3aede7f94e80121)
make algorithms a required parameter in types. closes #285 (097a1df0d7ba511afce9578e4cf45bca2589b253), closes #285
update changelog (9d0f02debb7a3db83edbc9f9b4b6d46993e6a4f4)

`v7.6.0`

Compare Source

add ExpressJwtRequestUnrequired to the readme (3890f53f87b0a84dccaafd8de5a43d3c1dfeae89)
add SecretCallback[Long] back for backward compatibility (c24078e285908cad1c2ac0e63482a75ebf7d7328)
update changelog (d3a8e80dec3a6c261f840ad763487a16a47bbc4b)

`v7.5.2`

Compare Source

export another type for credentialsRequired: false / ExpressJwtRequestUnrequired (1bdb6f3d0cc5f61b7a7b097f700d20cb337d4bef)

`v7.5.1`

Compare Source

make req.auth optional in the ExpressJwtRequest type (496fda4a0a20292ca70055b6ab8fdf50414ffa2b)
update changelog (727b57ddfec1f1c5ee4e16cb335ad1ae5a3c131f)

`v7.5.0`

Compare Source

export TokenGetter (eb7479b834fb0e052ffad4279394ce353bb13770)
improve readme and some types. Closes #283 (1a67f69c8781179d3ce7e5f3de8ece40d31c1772), closes #283
restore requestProperty (bf143d07497046b3e7921d3dd4bcbc18e2daeb67)

`v7.4.3`

Compare Source

improve readme (bd2515bec698604c645decd5be93e4f401263662)

`v7.4.2`

Compare Source

include '/dist' in package, closes #280 (cf2665d5581e76ed5742e7c2f34b8d05f91cfd18), closes #280

`v7.4.1`

Compare Source

fix readme definition for revoked and secret callbacks (9015cf729cfbbf1b28a9646cccbf26d523dce1de)
update changelog (05d7a78baaf76a2a881a95666b0ec7349729d957)

`v7.4.0`

Compare Source

handle authorization header in cors when is upper cased. fixes #180, #173 (ab0ee806416e3a5a48ef8a1017a298e1a666b17a), closes #180 #173

`v7.3.0`

Compare Source

add support for capital Authorization header. closes #200 (6c0698b513e11ff1d4b152e070a627f5092be801), closes #200

`v7.2.0`

Compare Source

Add example on how to enable jwt for specific path (280511342522f11a90da93187a44af1a1b3cf5eb)
Fix link to auth0.com (b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15)
remove travis badge (a854342c28f7186ec70e298124b4d650a26767b2)
Update docs to continue error handling on mismatch (627b358d07b19d299964a5ef18a772db9b6426e2)
Update README.md (8d7af267189a49f42b88807d236647bd7398fde3)

`v7.1.0`

Compare Source

add support for async, closes #249 (72236ec1cfb0e7847351c83908be1d84141e30f1), closes #249
update changelog (cb50ed43b2de9ae9be8643e7834640fa912ef367)

`v7.0.0`

Compare Source

Convert the project to typescript and improve typescript (2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd)

`v6.1.2`

Compare Source

`v6.1.1`

Compare Source

`v6.1.0`

Compare Source

`v6.0.0`

Compare Source

`v5.3.3`

Compare Source

`v5.3.2`

Compare Source

`v5.3.1`

Compare Source

`v5.3.0`

Compare Source

`v5.1.0`

Compare Source

`v5.0.0`

Compare Source

`v3.4.0`

Compare Source

`v3.3.0`

Compare Source

`v3.2.0`

Compare Source

`v3.1.0`

Compare Source

`v3.0.1`

Compare Source

`v3.0.0`

Compare Source

`v2.1.0`

Compare Source

`v2.0.1`

Compare Source

`v2.0.0`

Compare Source

`v1.4.0`

Compare Source

`v1.3.1`

Compare Source

`v1.3.0`

Compare Source

`v1.2.0`

Compare Source

`v1.1.0`

Compare Source

`v1.0.0`

Compare Source

`v0.6.2`

Compare Source

`v0.5.0`

Compare Source

`v0.4.0`

Compare Source

`v0.3.2`

Compare Source

`v0.3.1`

Compare Source

If you want to rebase/retry this PR, check this box

Update dependency express-jwt to v7

0708396

mend-for-github-com bot added the security fix Security fix generated by Mend label Dec 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency express-jwt to v7 #12

Update dependency express-jwt to v7 #12

mend-for-github-com bot commented Dec 18, 2024

Update dependency express-jwt to v7 #12

Are you sure you want to change the base?

Update dependency express-jwt to v7 #12

Conversation

mend-for-github-com bot commented Dec 18, 2024

Release Notes