Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update jsonwebtoken #766

Merged
merged 3 commits into from
Dec 22, 2022
Merged

Update jsonwebtoken #766

merged 3 commits into from
Dec 22, 2022

Conversation

adamjmcgrath
Copy link
Contributor

Changes

Update jsonwebtoken

Breaking change: Drop support for Node <14

(Have gone with Node >=14 even though jsonwebtoken only requires 12 because 12 is EOL and we'll want to follow up with an upgrade of jwks-rsa which requires >=14)

References

Fixes #763

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds unit test coverage

Checklist

@adamjmcgrath
Copy link
Contributor Author

Am investigating the Node 16 & 18 failures

This was referenced Dec 22, 2022
Closed
Closed
@adamjmcgrath
Copy link
Contributor Author

Am investigating the Node 16 & 18 failures

☝️ due to a testing dependency not working on openssl 3 (which the new cimg images have installed) - have replaced it with native crypto

adamjmcgrath
adamjmcgrath commented Dec 22, 2022
View reviewed changes
test/auth/oauth-with-idtoken-validation.tests.js
@@ -3,7 +3,7 @@ const sinon = require('sinon');
const proxyquire = require('proxyquire');
const jwt = require('jsonwebtoken');
const jwksClient = require('jwks-rsa');
const pem = require('pem');
Copy link
Contributor Author

@adamjmcgrath adamjmcgrath Dec 22, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pem (testing only dependency) doesn't work on openssl 3 which the new cimg images use

@adamjmcgrath adamjmcgrath marked this pull request as ready for review December 22, 2022 19:20
@adamjmcgrath adamjmcgrath requested a review from a team as a code owner December 22, 2022 19:20
@adamjmcgrath adamjmcgrath merged commit 5d0700d into master Dec 22, 2022
@adamjmcgrath adamjmcgrath deleted the jsonwebtoken-upgrade branch December 22, 2022 19:32
@adamjmcgrath adamjmcgrath mentioned this pull request Dec 22, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frederikprijck frederikprijck frederikprijck approved these changes

Assignees
No one assigned
Labels
CH: Breaking Change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

jsonwebtoken vulnerability.
2 participants
@adamjmcgrath @frederikprijck