minecraft-proxy
minecraft-proxy copied to clipboard
Bump jsonwebtoken and @azure/msal-node
Bumps jsonwebtoken and @azure/msal-node. These dependencies needed to be updated together.
Updates jsonwebtoken
from 8.5.1 to 9.0.0
Changelog
Sourced from jsonwebtoken's changelog.
9.0.0 - 2022-12-21
Breaking changes: See Migration from v8 to v9
Breaking changes
- Removed support for Node versions 11 and below.
- The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)
- RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)
- Key types must be valid for the signing / verification algorithm
Security fixes
- security: fixes
Arbitrary File Write via verify function
- CVE-2022-23529- security: fixes
Insecure default algorithm in jwt.verify() could lead to signature validation bypass
- CVE-2022-23540- security: fixes
Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
- CVE-2022-23541- security: fixes
Unrestricted key type could lead to legacy keys usage
- CVE-2022-23539
Commits
e1fa9dc
Merge pull request from GHSA-8cf7-32gw-wr335eaedbf
chore(ci): remove github test actions job (#861)cd4163e
chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)ecdf6cc
fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...8345030
fix(sign&verify)!: Remove defaultnone
support fromsign
andverify
met...7e6a86b
Upload OpsLevel YAML (#849)74d5719
docs: update references vercel/ms references (#770)d71e383
docs: document "invalid token" error3765003
docs: fix spelling in README.md: Peak -> Peek (#754)a46097e
docs: make decode impossible to discover before verify- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.
Updates @azure/msal-node
from 1.5.0 to 1.14.6
Release notes
Sourced from @azure/msal-node
's releases.
@azure/msal-node
v1.14.61.14.6
Mon, 09 Jan 2023 22:44:58 GMT
Patches
- fix logger undefined error #5355 ([email protected])
- Upgrade jsonwebtoken to v9 ([email protected])
- Bump
@azure/msal-common
to v9.0.2 (beachball)Discussion: https://github.com/AzureAD/microsoft-authentication-library-for-js/discussions/5542
@azure/msal-node
v1.14.51.14.5
Wed, 07 Dec 2022 16:53:07 GMT
Patches
- Serialize/deserialize access token userAssertionHash property to fix cache persistence issue in OBO flow #5398 ([email protected])
- Bump
@azure/msal-common
to v9.0.1 (beachball)Discussion: https://github.com/AzureAD/microsoft-authentication-library-for-js/discussions/5460
@azure/msal-node
v1.14.41.14.4
Mon, 21 Nov 2022 19:14:45 GMT
Patches
- Added logging to Authority class ([email protected])
- Fixed msal-node HttpClient server error bug #5342 ([email protected])
- Include original request params on /token request in acquireTokenInteractive #5403 ([email protected])
- Fix circular dependency #5402 ([email protected])
- Bump
@azure/msal-common
to v9.0.0 (beachball)Discussion: https://github.com/AzureAD/microsoft-authentication-library-for-js/discussions/5416
@azure/msal-node
v1.14.31.14.3
Mon, 07 Nov 2022 22:46:55 GMT
Patches
- Bump
@azure/msal-common
to v8.0.0 (beachball)Discussion: https://github.com/AzureAD/microsoft-authentication-library-for-js/discussions/5369
... (truncated)
Commits
011c397
Bump package versions (#5473)1c8f7d7
Merge pull request #5482 from AzureAD/lalimas/browsercachingupdates4ff8430
Merge branch 'dev' into lalimas/browsercachingupdatesc990330
Update codeowners (#5540)6d56ca5
exporting NativeAuthError for internal useeb8174d
Merge branch 'dev' of https://github.com/AzureAD/microsoft-authentication-lib...95220b9
chore: update lerna to 6.4.0 (#5533)cae5e2f
Merge pull request #5531 from AzureAD/fix-typos-telemetry-dev80e3129
Merge branch 'fix-typos-telemetry-dev' of github.com:AzureAD/microsoft-authen...984a854
fix typo in test cases- Additional commits viewable in compare view
You can trigger a rebase of this PR by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.