[Snyk] Upgrade: semver, ajv, dayjs, jsonwebtoken #500
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- semver from 7.5.4 to 7.6.3.
See this package in npm: https://www.npmjs.com/package/semver
- ajv from 8.12.0 to 8.17.1.
See this package in npm: https://www.npmjs.com/package/ajv
- dayjs from 1.11.7 to 1.11.13.
See this package in npm: https://www.npmjs.com/package/dayjs
- jsonwebtoken from 9.0.0 to 9.0.2.
See this package in npm: https://www.npmjs.com/package/jsonwebtoken
See this project in Snyk:
https://app.snyk.io/org/googlecloud-fD9E4u83kGB6j2zHM2NDFc/project/5c977b50-8b62-4cd0-ba45-f3a5bee40ef0?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
semver
from 7.5.4 to 7.6.3 | 4 versions ahead of your current version | 2 months ago
on 2024-07-16
ajv
from 8.12.0 to 8.17.1 | 5 versions ahead of your current version | 2 months ago
on 2024-07-12
dayjs
from 1.11.7 to 1.11.13 | 6 versions ahead of your current version | a month ago
on 2024-08-20
jsonwebtoken
from 9.0.0 to 9.0.2 | 2 versions ahead of your current version | a year ago
on 2023-08-30
Release notes
Package name: semver
-
7.6.3 - 2024-07-16
-
7.6.2 - 2024-05-09
-
7.6.1 - 2024-05-07
-
7.6.0 - 2024-02-05
-
7.5.4 - 2023-07-07
from semver GitHub release notes7.6.3 (2024-07-16)
Bug Fixes
73a3d79#726 optimize Range parsing and formatting (#726) (@ jviide)Documentation
2975ece#719 fix extra backtick typo (#719) (@ stdavis)7.6.2 (2024-05-09)
Bug Fixes
6466ba9#713 lru: use map.delete() directly (#713) (@ negezor, @ lukekarrys)7.6.1 (2024-05-04)
Bug Fixes
c570a34#704 linting: no-unused-vars (@ wraithgar)ad8ff11#704 use internal cache implementation (@ mbtools)ac9b357#682 typo in compareBuild debug message (#682) (@ mbtools)Dependencies
988a8de#709 uninstalllru-cache(#709)3fabe4d#704 remove lru-cacheChores
dd09b60#705 bump @ npmcli/template-oss to 4.22.0 (@ lukekarrys)ec49cdc#701 chore: chore: postinstall for dependabot template-oss PR (@ lukekarrys)b236c3d#696 add benchmarks (#696) (@ H4ad)692451b#688 various improvements to README (#688) (@ mbtools)5feeb7f#705 postinstall for dependabot template-oss PR (@ lukekarrys)074156f#701 bump @ npmcli/template-oss from 4.21.3 to 4.21.4 (@ dependabot[bot])7.6.0 (2024-01-31)
Features
a7ab13a#671 preserve pre-release and build parts of a version on coerce (#671) (@ madtisa, madtisa, @ wraithgar)Chores
816c7b2#667 postinstall for dependabot template-oss PR (@ lukekarrys)0bd24d9#667 bump @ npmcli/template-oss from 4.21.1 to 4.21.3 (@ dependabot[bot])e521932#652 postinstall for dependabot template-oss PR (@ lukekarrys)8873991#652 chore: chore: postinstall for dependabot template-oss PR (@ lukekarrys)f317dc8#652 bump @ npmcli/template-oss from 4.19.0 to 4.21.0 (@ dependabot[bot])7303db1#658 add clean() test for build metadata (#658) (@ jethrodaniel)6240d75#656 add missing quotes in README.md (#656) (@ zyxkad)14d263f#625 postinstall for dependabot template-oss PR (@ lukekarrys)7c34e1a#625 bump @ npmcli/template-oss from 4.18.1 to 4.19.0 (@ dependabot[bot])123e0b0#622 postinstall for dependabot template-oss PR (@ lukekarrys)737d5e1#622 bump @ npmcli/template-oss from 4.18.0 to 4.18.1 (@ dependabot[bot])cce6180#598 postinstall for dependabot template-oss PR (@ lukekarrys)b914a3d#598 bump @ npmcli/template-oss from 4.17.0 to 4.18.0 (@ dependabot[bot])7.5.4 (2023-07-07)
Bug Fixes
cc6fde2#588 trim each range set before parsing (@ lukekarrys)99d8287#583 correctly parse long build ids as valid (#583) (@ lukekarrys)Package name: ajv
-
8.17.1 - 2024-07-12
- bump version to 8.17.1 by @ jasoniangreen in #2472
-
8.16.0 - 2024-06-04
- Revert fast-uri change by @ jasoniangreen in #2444
-
8.15.0 - 2024-06-03
- Replace
- Bump to 8.15.0 by @ jasoniangreen in #2442
- @ vixalien made their first contribution in #2415
-
8.14.0 - 2024-05-25
- readme: build badge by @ epoberezkin in #2424
- Update workflows by @ rotu in #2410
- docs: add warning to maxLength / minLength by @ jasoniangreen in #2428
- fix: broken link in docs warning by @ jasoniangreen in #2431
- compileAsync a schema with discriminator and $ref, fixes #2427 by @ jasoniangreen in #2433
- bump version to 8.14.0 for publishing by @ jasoniangreen in #2440
- @ rotu made their first contribution in #2410
-
8.13.0 - 2024-04-29
- add named exports
- update dependencies
- update node.js
-
8.12.0 - 2023-01-03
- fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @ piliugin-anton)
- empty JTD "values" schema (#2191)
- empty object to work with JTD utility type (#2158, @ erikbrinkman)
- fix JTD "discriminator" schema for objects with more than 8 properties (#2194)
- correctly narrow "number" type to "integer" (#2192, @ JacobLey)
- update Node.js versions in CI to 14, 16, 18 and 19
from ajv GitHub release notesWhat's Changed
Full Changelog: v8.17.0...v8.17.1
Plus everything in 8.17.0 which failed to release
The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.
Revert "Revert fast-uri change (#2444)" by @ gurgunday in #2448
fix: ignore new eslint error for @ typescript-eslint/no-extraneous-class by @ jasoniangreen in #2455
docs: clarify behaviour of addVocabulary by @ jasoniangreen in #2454
docs: refactor to improve legibility by @ blottn in #2432
Fix grammatical typo in managing-schemas.md by @ wetneb in #2305
docs: Fix broken strict-mode link by @ alexanderjsx in #2459
feat: add test for encoded refs and bump fast-uri by @ jasoniangreen in #2449
fix: changes for @ typescript-eslint/array-type rule by @ jasoniangreen in #2467
fixes #2217 - clarify custom keyword naming by @ jasoniangreen in #2457
What's Changed
Full Changelog: v8.15.0...v8.16.0
What's Changed
uri-jswithfast-uriby @ vixalien in #2415New Contributors
Full Changelog: v8.14.0...v8.15.0
What's Changed
New Contributors
Full Changelog: v8.13.0...v8.14.0
Package name: dayjs
-
1.11.13 - 2024-08-20
- customParseFormat supports Q quter / w ww weekOfYear (#2705) (8ca74f1)
-
1.11.12 - 2024-07-18
- Add NegativeYear Plugin support (#2640) (6a42e0d)
- add UTC support to negativeYear plugin (#2692) (f3ef705)
- Fix zero offset issue when use tz with locale (#2532) (d0e6738)
- Improve typing for min/max plugin (#2573) (4fbe94a)
- timezone plugin currect parse UTC tz (#2693) (b575c81)
-
1.11.11 - 2024-04-28
- day of week type literal (#2630) (f68d73e)
- improve locale "zh-hk" format and meridiem (#2419) (a947a51)
- Update 'da' locale to match correct first week of year (#2592) (44b0936)
- update locale Bulgarian monthsShort Jan (#2538) (f0c9a41)
-
1.11.10 - 2023-09-19
- Add Korean Day of Month with ordinal (#2395) (dd55ee2)
- change back fa locale to the Gregorian calendar equivalent (#2411) (95e9458)
- duration plugin - MILLISECONDS_A_MONTH const calculation (#2362) (f0a0b54)
- duration plugin getter get result 0 instead of undefined (#2369) (061aa7e)
- fix isDayjs check logic (#2383) (5f3f878)
- fix timezone plugin to get correct locale setting (#2420) (4f45012)
- locale: add meridiem in
- round durations to millisecond precision for ISO string (#2367) (890a17a)
- sub-second precisions need to be rounded at the seconds field to avoid adding floats (#2377) (a9d7d03)
- update $x logic to avoid plugin error (#2429) (2254635)
- Update Slovenian locale for relative time (#2396) (5470a15)
- update uzbek language translation (#2327) (0a91056)
-
1.11.9 - 2023-07-01
- Add null to min and max plugin return type (#2355) (62d9042)
- check if null passed to objectSupport parser (#2175) (013968f)
- dayjs.diff improve performance (#2244) (33c80e1)
- dayjs(null) throws error, not return dayjs object as invalid date (#2334) (c79e2f5)
- objectSupport plugin causes an error when null is passed to dayjs function (closes #2277) (#2342) (89bf31c)
- Optimize format method (#2313) (1fe1b1d)
- update Duration plugin add/subtract take into account days in month (#2337) (3b1060f)
- update MinMax plugin 1. ignore the 'null' in args 2. return the only one arg (#2330) (3c2c6ee)
-
1.11.8 - 2023-06-02
- .format add padding to 'YYYY' (#2231) (00c223b)
- Added .valueOf method to Duration class (#2226) (9b4fcfd)
- timezone type mark
- type file first parameter date is optional in isSame(), isBefore(), isAfter() (#2272) (4d56f3e)
-
1.11.7 - 2022-12-06
- Add locale (zh-tw) meridiem (#2149) (1e9ba76)
- update fa locale (#2151) (1c26732)
from dayjs GitHub release notes1.11.13 (2024-08-20)
Bug Fixes
1.11.12 (2024-07-18)
Bug Fixes
1.11.11 (2024-04-28)
Bug Fixes
1.11.10 (2023-09-19)
Bug Fixes
arlocale (#2418) (361be5c)1.11.9 (2023-07-01)
Bug Fixes
1.11.8 (2023-06-02)
Bug Fixes
dateparameter as optional (#2222) (b87aa0e)1.11.7 (2022-12-06)
Bug Fixes
Package name: jsonwebtoken
-
9.0.2 - 2023-08-30
-
9.0.1 - 2023-07-05
-
9.0.0 - 2022-12-21
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
from jsonwebtoken GitHub release notesRelease 9.0.2 (#935)
Updating package version to 9.0.1 (#920)
Check if node version supports asymmetricKeyDetails
Validate algorithms for ec key type
Rename variable
Rename function
Add early return for symmetric keys
Validate algorithm for RSA key type
Validate algorithm for RSA-PSS key type
Check key types for EdDSA algorithm
Rename function
Move validateKey function to module
Convert arrow to function notation
Validate key in verify function
Simplify if
Convert if to switch..case
Guard against empty key in validation
Remove empty line
Add lib to check modulus length
Add modulus length checks
Validate mgf1HashAlgorithm and saltLength
Check node version before using key details API
Use built-in modulus length getter
Fix Node version validations
Remove duplicate validateKey
Add periods to error messages
Fix validation in verify function
Make asymmetric key validation the latest validation step
Change key curve validation
Remove support for ES256K
Fix old test that was using wrong key types to sign tokens
Enable RSA-PSS for old Node versions
Add specific RSA-PSS validations on Node 16 LTS+
Improve error message
Simplify key validation code
Fix typo
Improve error message
Change var to const in test
Change const to let to avoid reassigning problem
Improve error message
Test incorrect private key type
Rename invalid to unsupported
Test verifying of jwt token with unsupported key
Test invalid private key type
Change order of object parameters
Move validation test to separate file
Move all validation tests to separate file
Add prime256v1 ec key
Remove modulus length check
WIP: Add EC key validation tests
Fix node version checks
Fix error message check on test
Add successful tests for EC curve check
Remove only from describe
Remove
onlyRemove duplicate block of code
Move variable to a different scope and make it const
Convert allowed curves to object for faster lookup
Rename variable
Change variable assignment order
Remove unused object properties
Test RSA-PSS happy path and wrong length
Add missing tests
Pass validation if no algorithm has been provided
Test validation of invalid salt length
Test error when signing token with invalid key
Change var to const/let in verify tests
Test verifying token with invalid key
Improve test error messages
Add parameter to skip private key validation
Replace DSA key with a 4096 bit long key
Test allowInvalidPrivateKeys in key signing
Improve test message
Rename variable
Add key validation flag tests
Fix variable name in Readme
Change private to public dsa key in verify
Rename flag
Run EC validation tests conditionally
Fix tests in old node versions
Ignore block of code from test coverage
Separate EC validations tests into two different ones
Add comment
Wrap switch in if instead of having an early return
Remove unsupported algorithms from asymmetric key validation
Rename option to allowInvalidAsymmetricKeyTypes and improve Readme
9.0.0
adding migration notes to readme
adding changelog for version 9.0.0
Co-authored-by: julienwoll julien.wollscheid@auth0.com
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"semver","from":"7.5.4","to":"7.6.3"},{"name":"ajv","from":"8.12.0","to":"8.17.1"},{"name":"dayjs","from":"1.11.7","to":"1.11.13"},{"name":"jsonwebtoken","from":"9.0.0","to":"9.0.2"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"369db202-b893-41f8-a270-b144e96173b5","prPublicId":"369db202-b893-41f8-a270-b144e96173b5","packageManager":"npm","priorityScoreList":[],"projectPublicId":"5c977b50-8b62-4cd0-ba45-f3a5bee40ef0","projectUrl":"https://app.snyk.io/org/googlecloud-fD9E4u83kGB6j2zHM2NDFc/project/5c977b50-8b62-4cd0-ba45-f3a5bee40ef0?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","t...