Upgrade jsonwebtoken dependency to fix vulnerability #18

gianpaj · 2018-07-21T16:33:59Z

What?

❌ High severity vulnerability found in base64url
Description: Uninitialized Memory Exposure
Info: https://snyk.io/vuln/npm:base64url:20180511
Introduced through: @pusher/[email protected]
From: @pusher/[email protected] > [email protected] > [email protected] > [email protected]
From: @pusher/[email protected] > [email protected] > [email protected] > [email protected] > [email protected]
From: @pusher/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
and 3 more...
Remediation:
~~Your dependencies are out of date, otherwise you would be using a newer version of base64url.
Try deleting node_modules, reinstalling and running snyk test again. If the problem persists,~~~ one of your dependencies may be bundling outdated modules.

Suggested improvements

They fixed it this PR:
auth0/node-jsonwebtoken#465

The text was updated successfully, but these errors were encountered:

hamchapman · 2018-07-23T10:05:32Z

Published 0.12.2 that fixes this - thanks!

hamchapman closed this as completed Jul 23, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade jsonwebtoken dependency to fix vulnerability #18

Upgrade jsonwebtoken dependency to fix vulnerability #18

gianpaj commented Jul 21, 2018

hamchapman commented Jul 23, 2018

Upgrade jsonwebtoken dependency to fix vulnerability #18

Upgrade jsonwebtoken dependency to fix vulnerability #18

Comments

gianpaj commented Jul 21, 2018

What?

Suggested improvements

hamchapman commented Jul 23, 2018