Skip to content

Update jsonwebtoken and node-forge #905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sk- opened this issue Jun 14, 2020 · 1 comment · Fixed by #912
Closed

Update jsonwebtoken and node-forge #905

sk- opened this issue Jun 14, 2020 · 1 comment · Fixed by #912
Labels
type: cleanup

Comments

@sk-
Copy link
Contributor

sk- commented Jun 14, 2020

For some reason the version of jsonwebtoken is pinned to 8.1.0 (last updated 3 years ago) and node-forge is pinned to 0.7.4 (last updated 2 years ago).

Consider either bumping their versions or using the caret ^ if there's no good reason to have them pinned.

Note that both packages have received several updates including bug fixes and security updates, jsonwebtoken latest version is 8.5.1 and node-forge 0.9.1.

Note that pinning the versions mean that npm won't deduplicated the dependencies and multiple versions may be present in a project, making deployments slower and using more memory.
@google-oss-bot
Copy link

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@hiranya911 hiranya911 mentioned this issue Jun 19, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: cleanup
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Upgraded node-forge and jsonwebtoken dependencies firebase/firebase-admin-node
3 participants
@sk- @hiranya911 @google-oss-bot