select
select copied to clipboard
eces
[Snyk] Fix for 1 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: cp-file
The new version differs by 6 commits.Package name: jsonwebtoken
The new version differs by 17 commits.- e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
- 5eaedbf chore(ci): remove github test actions job (#861)
- cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
- ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)
- 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)
- 7e6a86b Upload OpsLevel YAML (#849)
- 74d5719 docs: update references vercel/ms references (#770)
- d71e383 docs: document "invalid token" error
- 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
- a46097e docs: make decode impossible to discover before verify
- 15a1bc4 refactor: make decode non-enumerable
- 5f10bf9 docs: add jwtid to options of jwt.verify (#704)
- 88cb9df Replace tilde-indexOf with includes (#647)
- a6235fa Adds not to README on decoded payload validation (#646)
- 5ed1f06 docs: fix tiny style change in readme (#622)
- 9fb90ca style: add missing semicolon (#641)
- a9e38b8 ci: use circleci (#589)
Package name: nodemon
The new version differs by 18 commits.- 27e91c3 fix: update packge-lock
- 0144e4f fix: bump update-notifier to v6.0.0 (#2029)
- c870342 chore: update supporters
- 5c0b472 chore: add supporter
- e26aaa9 fix: support windows by using path.delimiter
- 9d1afd7 docs: add syntax highlighting to sample-nodemon.md (#1982) (#2004)
- de5d32a docs: Unified Node.js capitalization (#1986)
- e890927 docs: add note to faq with example showing how to watch any file extension (#1931)
- bc4547b chore: update sponsors
- 07159c5 chore: add supporters
- cd100da chore: update supporters
- 6a34922 chore: supporters
- e5d6067 chore: updating supporters
- 242f9f7 Merge branch 'main' of github.com:remy/nodemon
- 141e58c chore: update supporters
- 53422af ci(release): workflow uses 'npm' cache (#1933)
- 581c641 ci(node.js): workflow uses 'npm' cache (#1934)
- cb1c8b9 docs: Fix typo in faq.md (#1950)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
