Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependent package jsonwebtoken 8.5.1 is deprecated and having security issues #286

Closed
mohkhodeer opened this issue Dec 22, 2022 · 2 comments · Fixed by #290
Closed

dependent package jsonwebtoken 8.5.1 is deprecated and having security issues #286

mohkhodeer opened this issue Dec 22, 2022 · 2 comments · Fixed by #290
Assignees
@abod-akhras
Labels
released

Comments

@mohkhodeer
Copy link

mohkhodeer commented Dec 22, 2022
edited
Loading

ibmcloud-appid package uses jsonwebtoken 8.5.1 which is deprecated now and having security issues
jsonwebtoken 9.0.0 is available now, any plans to update ibmcloud-appid to use the newer version of jsonwebtoken package?
Thanks
@spraju92
Copy link

spraju92 commented Dec 28, 2022
edited
Loading

Any updates on this issue? It is advised to upgrade jsonwebtoken to version 9.0.0 because it has been rated as having a High vulnerability. We cannot upgrade jsonwebtoken alone because it is an ibmcloud-appid peer dependency.
image

abod-akhras pushed a commit that referenced this issue Jan 4, 2023
fix(package.json): updating json webtoken to v9
6435045 
fix #286
@abod-akhras abod-akhras mentioned this issue Jan 4, 2023
Merged
@abod-akhras abod-akhras mentioned this issue Jan 5, 2023
Merged
@github-actions
Copy link

github-actions bot commented Jan 5, 2023

🎉 This issue has been resolved in version 6.3.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abod-akhras abod-akhras

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(package.json): updating json webtoken to v9 ibm-cloud-security/appid-serversdk-nodejs
3 participants
@mohkhodeer @spraju92 @abod-akhras