Bump jsonwebtoken to 9.0.0

Question

Bump jsonwebtoken to 9.0.0

Closed this issue a year ago · 3 comments

jsonwebtoken 8.5.1 has a security vulnerability: GHSA-27h2-hvpr-p74q. Please upgrade to 9.0.0.

Answer 1 · 2023-01-31T21:09:11.000Z

I would actually suggest moving to another library like jose which works even on browsers

Answer 2 · 2023-02-01T05:55:53.000Z

@fredrjoh thank you for the ping. this vulnerability does not impact us at the moment. nonetheless, we'll upgrade some of these dependencies shortly.

Answer 3 · 2023-04-20T14:54:53.000Z

I wanted to add one to this request since we are using this library and we are getting vulnerability reports because of the transient dependency of jsonwebtoken. Thanks!