[Snyk] Upgrade: , ajv, bigint-conversion, bigint-crypto-utils, elliptic, jose

[rish2497]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@juanelas/base64
from 1.1.2 to 1.1.5 | 3 versions ahead of your current version | 10 months ago
on 2023-11-10
ajv
from 8.12.0 to 8.17.1 | 5 versions ahead of your current version | 2 months ago
on 2024-07-12
bigint-conversion
from 2.4.1 to 2.4.3 | 2 versions ahead of your current version | 10 months ago
on 2023-11-10
bigint-crypto-utils
from 3.2.2 to 3.3.0 | 1 version ahead of your current version | a year ago
on 2023-06-29
elliptic
from 6.5.4 to 6.5.7 | 3 versions ahead of your current version | 24 days ago
on 2024-08-14
jose
from 4.14.0 to 4.15.9 | 16 versions ahead of your current version | 2 months ago
on 2024-07-03

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Resource Exhaustion SNYK-JS-JOSE-6419224	479	No Known Exploit

Release notes

Package name: @juanelas/base64

• 1.1.5 - 2023-11-10
  

  1.1.5

• 1.1.4 - 2023-10-06
  

  1.1.4

• 1.1.3 - 2023-10-06
  

  1.1.3

• 1.1.2 - 2023-04-14
  

  1.1.2

from @juanelas/base64 GitHub release notes

Package name: ajv

• 8.17.1 - 2024-07-12
  

  What's Changed

  • bump version to 8.17.1 by @ jasoniangreen in #2472

  Full Changelog: v8.17.0...v8.17.1

  Plus everything in 8.17.0 which failed to release

  The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

  Revert "Revert fast-uri change (#2444)" by @ gurgunday in #2448
  fix: ignore new eslint error for @ typescript-eslint/no-extraneous-class by @ jasoniangreen in #2455
  docs: clarify behaviour of addVocabulary by @ jasoniangreen in #2454
  docs: refactor to improve legibility by @ blottn in #2432
  Fix grammatical typo in managing-schemas.md by @ wetneb in #2305
  docs: Fix broken strict-mode link by @ alexanderjsx in #2459
  feat: add test for encoded refs and bump fast-uri by @ jasoniangreen in #2449
  fix: changes for @ typescript-eslint/array-type rule by @ jasoniangreen in #2467
  fixes #2217 - clarify custom keyword naming by @ jasoniangreen in #2457

• 8.16.0 - 2024-06-04
  

  What's Changed

  • Revert fast-uri change by @ jasoniangreen in #2444

  Full Changelog: v8.15.0...v8.16.0

• 8.15.0 - 2024-06-03
  

  What's Changed

  • Replace uri-js with fast-uri by @ vixalien in #2415
  • Bump to 8.15.0 by @ jasoniangreen in #2442

  New Contributors

  • @ vixalien made their first contribution in #2415

  Full Changelog: v8.14.0...v8.15.0

• 8.14.0 - 2024-05-25
  

  What's Changed

  • readme: build badge by @ epoberezkin in #2424
  • Update workflows by @ rotu in #2410
  • docs: add warning to maxLength / minLength by @ jasoniangreen in #2428
  • fix: broken link in docs warning by @ jasoniangreen in #2431
  • compileAsync a schema with discriminator and $ref, fixes #2427 by @ jasoniangreen in #2433
  • bump version to 8.14.0 for publishing by @ jasoniangreen in #2440

  New Contributors

  • @ rotu made their first contribution in #2410

  Full Changelog: v8.13.0...v8.14.0

• 8.13.0 - 2024-04-29
  
  • add named exports
  • update dependencies
  • update node.js
• 8.12.0 - 2023-01-03
  
  • fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @ piliugin-anton)
  • empty JTD "values" schema (#2191)
  • empty object to work with JTD utility type (#2158, @ erikbrinkman)
  • fix JTD "discriminator" schema for objects with more than 8 properties (#2194)
  • correctly narrow "number" type to "integer" (#2192, @ JacobLey)
  • update Node.js versions in CI to 14, 16, 18 and 19

from ajv GitHub release notes

Package name: bigint-conversion

• 2.4.3 - 2023-11-10
  

  2.4.3

• 2.4.2 - 2023-09-05
  

  2.4.2

• 2.4.1 - 2023-04-14
  

  2.4.1

from bigint-conversion GitHub release notes

Package name: bigint-crypto-utils

• 3.3.0 - 2023-06-29
  

  3.3.0

• 3.2.2 - 2023-04-13
  

  3.2.2

from bigint-crypto-utils GitHub release notes

Package name: elliptic

• 6.5.7 - 2024-08-14
  

  6.5.7

• 6.5.6 - 2024-07-17
  

  6.5.6

• 6.5.5 - 2024-03-05
  

  6.5.5

• 6.5.4 - 2021-02-02
  

  6.5.4

from elliptic GitHub release notes

Package name: jose

• 4.15.9 - 2024-07-03
  

  Fixes

  • add sideEffects:false to nested ESM package.json files (17eef5f)
• 4.15.8 - 2024-07-03
  

  chore(release): 4.15.8

• 4.15.7 - 2024-06-18
  

  Fixes

  • add a workerd package.json target (e36d69e)
• 4.15.6 - 2024-06-18
• 4.15.5 - 2024-03-07
• 4.15.4 - 2023-10-14
• 4.15.3 - 2023-10-11
• 4.15.2 - 2023-10-04
• 4.15.1 - 2023-10-02
• 4.15.0 - 2023-10-02
• 4.14.6 - 2023-09-04
• 4.14.5 - 2023-09-02
• 4.14.4 - 2023-04-30
• 4.14.3 - 2023-04-27
• 4.14.2 - 2023-04-26
• 4.14.1 - 2023-04-20
• 4.14.0 - 2023-04-14

from jose GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[KolomboPulse]

2

[KolomboPulse]

11.0

[KolomboPulse]

5

[KolomboPulse]

17.1

[KolomboPulse]

1

[KolomboPulse]

3

[KolomboPulse]

3.0

[KolomboPulse]

7

[KolomboPulse]

3.7

[KolomboPulse]

15.9