renovate-pagopa[bot]
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| jsonwebtoken | dependencies | major | ^8.5.1 -> ^9.0.0 |

For further information on security, please refer to the Confluence page link


Release Notes

auth0/node-jsonwebtoken (jsonwebtoken)

v9.0.0

Compare Source

Breaking changes: See Migration from v8 to v9

Breaking changes
Security fixes
  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@renovate-pagopa renovate-pagopa bot changed the title from "Bump jsonwebtoken from 8.5.1 to 9.0.0" to "Bump jsonwebtoken from 8.5.1 to 9.0.0 - autoclosed" Aug 5, 2025
@renovate-pagopa renovate-pagopa bot closed this Aug 5, 2025
@renovate-pagopa renovate-pagopa bot deleted the renovate/jsonwebtoken-to-9.0.0 branch August 5, 2025 04:51
@renovate-pagopa renovate-pagopa bot restored the renovate/jsonwebtoken-to-9.0.0 branch August 5, 2025 08:35
@renovate-pagopa renovate-pagopa bot changed the title from "Bump jsonwebtoken from 8.5.1 to 9.0.0 - autoclosed" to "Bump jsonwebtoken from 8.5.1 to 9.0.0" Aug 5, 2025
@renovate-pagopa renovate-pagopa bot reopened this Aug 5, 2025