express-mongo-example-project
[Snyk] Security upgrade express-jwt from 5.3.1 to 6.1.1
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution SNYK-JS-LODASHSET-1320032 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: express-jwt
The new version differs by 23 commits.
- c4de5de 6.1.1
- 691fd6a Merge pull request #272 from ryanpcmcquen/prototype-pollution-vulnerability-fix
- 551bf40 Fix prototype pollution vulnerability.
- 354e1f8 6.1.0
- 3db0e6b Merge pull request #265 from pipeline1987/master
- 67bd3c4 upgrade express-unless dependency to v1.0.0
- 5cf9b0b Merge pull request #236 from auth0/dependabot/npm_and_yarn/lodash-4.17.19
- adf60bb Merge pull request #239 from auth0/update-changelog
- ed743a8 Updated changelog
- 61776e2 Bump lodash from 4.17.15 to 4.17.19
- 5fb8c88 Merge pull request #234 from gkwang/update-readme
- 43b7921 Update readme on 6.0.0 changes
- 678f3b0 6.0.0
- 7ecab5f Merge pull request from GHSA-6g6m-m6h5-w9gf
- 304a1c5 Made algorithms mandatory
- e9ed6d2 5.3.3
- 8662579 Make clearer sections in the Readme
- d3e86bf Update README.md
- c5d8419 Add a note about OAuth2 bearer tokens
- 888f0e9 Update Readme and use a consistent JS style for code examples
- 6591014 5.3.2
- f4f4d1d fix license field
- 1789282 fix dependencies vulnerabilities and test against 8, 10 and 12 from now on
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.