vulnerability in passport-jwt's dependancy jsonwebtoken

Question

Closed this issue 2 years ago · 7 comments

Updating to jsonwebtoken's latest version 9.0.0 resolves the vulnerability
Vulnerability details : GHSA-27h2-hvpr-p74q

Answer 1 · 2022-12-22T11:48:25.000Z

Same here, using it with nest.js for JWT strategies, getting a high vulnerability.

Answer 2 · 2022-12-22T14:32:44.000Z

We have the same problem!

Answer 3 · 2022-12-22T14:42:45.000Z

Went ahead and created #245

Answer 4 · 2022-12-22T22:05:53.000Z

@mikenicholson Please merge #245 and release ASAP Snyk is stopping our app from going to production with this version

Thank you!

Answer 5 · 2022-12-23T07:43:12.000Z

I'm too facing this issues with snyk. @mikenicholson please let me know when will this be merged and released.
Thanks

Answer 6 · 2022-12-24T05:28:16.000Z

4.0.1 bumps the jsonwebtoken dependnecy and has been release to NPM

Answer 7 · 2022-12-25T03:51:57.000Z

Thanks so much !!