From 1ae659e53e018907bbc41fbfe0e2513bba5892a4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 8 Sep 2022 18:10:10 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JOSE-3018688 --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index deb26ed..ff86429 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "dependencies": { "ajv": "^8.6.2", "chalk": "^4.1.2", - "jose": "3.13.0", + "jose": "^3.20.4", "jwk-to-pem": "^2.0.5", "ora": "^5.4.1", "yargs": "17.1.0" @@ -8069,9 +8069,9 @@ } }, "node_modules/jose": { - "version": "3.13.0", - "resolved": "https://registry.npmjs.org/jose/-/jose-3.13.0.tgz", - "integrity": "sha512-tTZayOvpOX8y/W7FuCL6Sma9sElbA80ImDck86a6ge70lyBpQngx557PtP9Aro4SLEOPtZVVxM1P/boPzy+m7A==", + "version": "3.20.4", + "resolved": "https://registry.npmjs.org/jose/-/jose-3.20.4.tgz", + "integrity": "sha512-PRnyOQwWGD3EZnnSpKOOLqQ0RT9chbB8f8AzY4bEHY0I2FCtrcp1ojG0nBgAMn2MtuPpE3wOwIhhW0G7AGzbLw==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -22280,9 +22280,9 @@ } }, "jose": { - "version": "3.13.0", - "resolved": "https://registry.npmjs.org/jose/-/jose-3.13.0.tgz", - "integrity": "sha512-tTZayOvpOX8y/W7FuCL6Sma9sElbA80ImDck86a6ge70lyBpQngx557PtP9Aro4SLEOPtZVVxM1P/boPzy+m7A==" + "version": "3.20.4", + "resolved": "https://registry.npmjs.org/jose/-/jose-3.20.4.tgz", + "integrity": "sha512-PRnyOQwWGD3EZnnSpKOOLqQ0RT9chbB8f8AzY4bEHY0I2FCtrcp1ojG0nBgAMn2MtuPpE3wOwIhhW0G7AGzbLw==" }, "js-tokens": { "version": "4.0.0", diff --git a/package.json b/package.json index bb77012..73f3f82 100644 --- a/package.json +++ b/package.json @@ -44,7 +44,7 @@ "dependencies": { "ajv": "^8.6.2", "chalk": "^4.1.2", - "jose": "3.13.0", + "jose": "3.20.4", "jwk-to-pem": "^2.0.5", "ora": "^5.4.1", "yargs": "17.1.0"