From 99e83bc588804c4de8674bf8636a47fdb14aae4d Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 6 Sep 2024 03:47:44 +0000
Subject: [PATCH] fix: aws-node-auth0-custom-authorizers-api/package.json & aws-node-auth0-custom-authorizers-api/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:base64url:20180511
---
 .../package.json | 2 +-
 .../yarn.lock | 40 ++++++++++++++++---
 2 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/aws-node-auth0-custom-authorizers-api/package.json b/aws-node-auth0-custom-authorizers-api/package.json
index fbe1c4ef4..ecb997fa2 100644
--- a/aws-node-auth0-custom-authorizers-api/package.json
+++ b/aws-node-auth0-custom-authorizers-api/package.json
@@ -4,7 +4,7 @@
 "description": "Demonstration of protecting API gateway endpoints with auth0",
 "license": "MIT",
 "dependencies": {
- "jsonwebtoken": "^8.1.0"
+ "jsonwebtoken": "^8.5.0"
 },
 "devDependencies": {
 "serverless-offline": "^3.18.0"
diff --git a/aws-node-auth0-custom-authorizers-api/yarn.lock b/aws-node-auth0-custom-authorizers-api/yarn.lock
index b1b8ec823..697513c82 100644
--- a/aws-node-auth0-custom-authorizers-api/yarn.lock
+++ b/aws-node-auth0-custom-authorizers-api/yarn.lock
@@ -246,6 +246,13 @@ detect-indent@^4.0.0: dependencies: repeating "^2.0.0" +ecdsa-sig-formatter@1.0.11: + version "1.0.11" + resolved "https://registry.yarnpkg.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz#ae0f0fa2d85045ef14a817daa3ce9acd0489e5bf" + integrity sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ== + dependencies: + safe-buffer "^5.0.1" + ecdsa-sig-formatter@1.0.9: version "1.0.9" resolved "https://registry.yarnpkg.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.9.tgz#4bc926274ec3b5abb5016e7e1d60921ac262b2a1"
@@ -421,11 +428,12 @@ jsonwebtoken@^7.4.3: ms "^2.0.0" xtend "^4.0.1" -jsonwebtoken@^8.1.0: - version "8.2.0" - resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.2.0.tgz#690ec3a9e7e95e2884347ce3e9eb9d389aa598b3" +jsonwebtoken@^8.5.0: + version "8.5.1" + resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d" + integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w== dependencies: - jws "^3.1.4" + jws "^3.2.2" lodash.includes "^4.3.0" lodash.isboolean "^3.0.3" lodash.isinteger "^4.0.4" @@ -434,7 +442,7 @@ jsonwebtoken@^8.1.0: lodash.isstring "^4.0.1" lodash.once "^4.0.0" ms "^2.1.1" - xtend "^4.0.1" + semver "^5.6.0" jwa@^1.1.4: version "1.1.5" @@ -445,6 +453,15 @@ jwa@^1.1.4: ecdsa-sig-formatter "1.0.9" safe-buffer "^5.0.1" +jwa@^1.4.1: + version "1.4.1" + resolved "https://registry.yarnpkg.com/jwa/-/jwa-1.4.1.tgz#743c32985cb9e98655530d53641b66c8645b039a" + integrity sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA== + dependencies: + buffer-equal-constant-time "1.0.1" + ecdsa-sig-formatter "1.0.11" + safe-buffer "^5.0.1" + jws@^3.1.4: version "3.1.4" resolved "https://registry.yarnpkg.com/jws/-/jws-3.1.4.tgz#f9e8b9338e8a847277d6444b1464f61880e050a2" @@ -453,6 +470,14 @@ jws@^3.1.4: jwa "^1.1.4" safe-buffer "^5.0.1" +jws@^3.2.2: + version "3.2.2" + resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304" + integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA== + dependencies: + jwa "^1.4.1" + safe-buffer "^5.0.1" + kilt@2.x.x: version "2.0.2" resolved "https://registry.yarnpkg.com/kilt/-/kilt-2.0.2.tgz#04d7183c298a1232efddf7ddca5959a8f6301e20" 
@@ -591,6 +616,11 @@ safe-buffer@^5.0.1: version "5.1.1" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" +semver@^5.6.0: + version "5.7.2" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== + serverless-offline@^3.18.0: version "3.18.0" resolved "https://registry.yarnpkg.com/serverless-offline/-/serverless-offline-3.18.0.tgz#d07596f3474da7e43733e56d1325d051061bb798"