Skip to content

fix: addrssing the vulnerability that came through where jsonwebtoken… #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 3, 2023
Merged

fix: addrssing the vulnerability that came through where jsonwebtoken… #93

merged 3 commits into from
Jan 3, 2023

Conversation

@jkalandaibm
Copy link
Collaborator

@jkalandaibm jkalandaibm commented Dec 29, 2022
edited
Loading

… needs to be upgraded

dependency: none

PR summary

the following problem was detected in our weekly scans.
image

As a result, I've tweaked the package-lock.json file to bump the version numbers.

Fixes: https://github.com/IBM/networking-node-sdk/security/dependabot/36

PR Checklist

Please make sure that your PR fulfills the following requirements:

  • The commit message follows the Angular Commit Message Guidelines.
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)

PR Type

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • New tests
  • Build/CI related changes
  • Documentation content changes
  • Other (please describe) - dependency version update

What is the current behavior?

Vulnerability scan is generating an alert suggesting a dependency package called jsonwebtoken needs to be updated from version

What is the new behavior?

Vulnerability scan should be updated from 8.5.1 to 9.0.0

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

@jkalandaibm jkalandaibm force-pushed the jsonwebtoken-alert-fix branch from 175c464 to a17a648 Compare December 29, 2022 01:45
Joseph Kalandarishvili added 3 commits December 28, 2022 19:46
fix: addrssing the vulnerability that came through where jsonwebtoken…
aa4a9a3 
… neeeds to be upgraded

dependency: none
Signed-off-by: Joseph Kalandarishvili <[email protected]>
fix: addrssing the vulnerability that came through where jsonwebtoken…
5226797 
… neeeds to be upgraded

dependency: none
Signed-off-by: Joseph Kalandarishvili <[email protected]>
fix: addrssing the vulnerability that came through where jsonwebtoken…
7e29afd 
… neeeds to be upgraded

Signed-off-by: Joseph Kalandarishvili <[email protected]>
@jkalandaibm jkalandaibm force-pushed the jsonwebtoken-alert-fix branch from a17a648 to 7e29afd Compare December 29, 2022 01:46
@jkalandaibm jkalandaibm merged commit 567a9c9 into master Jan 3, 2023
MalarvizhiK pushed a commit that referenced this pull request Jan 13, 2023
@semantic-release-bot
chore(release): 0.27.0 [skip ci]
ad24f6b 
# [0.27.0](v0.26.0...v0.27.0) (2023-01-13)

### Bug Fixes

* addrssing the vulnerability that came through where jsonwebtoken… ([#93](#93)) ([567a9c9](567a9c9))

### Features

* **mtls:** adding Mtls ([da5aea8](da5aea8))
@MalarvizhiK
Copy link
Member

MalarvizhiK commented Jan 13, 2023

🎉 This PR is included in version 0.27.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kennburger kennburger kennburger approved these changes

@MalarvizhiK MalarvizhiK Awaiting requested review from MalarvizhiK

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jkalandaibm @MalarvizhiK @kennburger