Bump fast-jwt and @fastify/jwt
Type: Pull Request
State: Open
![dependabot[bot]](https://github.com/dependabot.png){kind=small}
dependabot[bot]Association: None
Comments: 0
(9 months ago)
(9 months ago)
dependencies javascript
Bumps fast-jwt to 6.0.2 and updates ancestor dependency @fastify/jwt. These dependencies need to be updated together.
Updates fast-jwt from 2.2.0 to 6.0.2
Release notes
Sourced from fast-jwt's releases.
v6.0.2
What's Changed
- [OPTIC-RELEASE-AUTOMATION] release/v6.0.1 by
@optic-release-automationin nearform/fast-jwt#557- chore(deps-dev): bump tsd from 0.31.2 to 0.32.0 by
@dependabotin nearform/fast-jwt#558- docs: Add error handling section with examples by
@simonebin nearform/fast-jwt#561- Fix: error constructor in declaration file by
@atlowChemiin nearform/fast-jwt#562New Contributors
@atlowChemimade their first contribution in nearform/fast-jwt#562Full Changelog: https://github.com/nearform/fast-jwt/compare/v6.0.1...v6.0.2
v6.0.1
What's Changed
- [OPTIC-RELEASE-AUTOMATION] release/v6.0.0 by
@optic-release-automationin nearform/fast-jwt#554- feature: support negative expiresIn when signing tokens by
@agublerin nearform/fast-jwt#556Full Changelog: https://github.com/nearform/fast-jwt/compare/v6.0.0...v6.0.1
v6.0.0
BREAKING CHANGES
This is a semver major release containing breaking changes to address more thoroughly the security vulnerability fixed in v5.0.6, which only fixed the vulnerability without introducing breaking changes.
This release takes it one step further by adhering more closely to the JWT specification.
More specifically, verification now expects all claims except for the
audclaim to be single values, instead of supporting arrays of values.This is a breaking change because JWTs containing claims in array format (with the exception of
aud), now cause verification errors, while they were previously allowed.What's Changed
- [OPTIC-RELEASE-AUTOMATION] release/v5.0.6 by
@optic-release-automationin nearform/fast-jwt#551- feat!: align claim validation to specification by
@agublerin nearform/fast-jwt#553New Contributors
@agublermade their first contribution in nearform/fast-jwt#553Full Changelog: https://github.com/nearform/fast-jwt/compare/v5.0.6...v6.0.0
v5.0.6
SECURITY RELEASE
This release contains a fix for https://github.com/nearform/fast-jwt/security/advisories/GHSA-gm45-q3v2-6cf8.
Upgrading is strongly recommended.
Thanks to
@tibrnfor reporting, and@agublerfor fixing it.What's Changed
... (truncated)
Commits
56f00ffRelease v6.0.2f28ebf9Fix: error constructor in declaration file (#562)2181bf1docs: Add error handling section with examples (#561)6234111chore(deps-dev): bump tsd from 0.31.2 to 0.32.0 (#558)c298121Release v6.0.1 (#557)17fd233feature: support negative expiresIn when signing tokens (#556)438e18dRelease v6.0.0 (#554)c4d4580feat!: align claim validation to specification (#553)a8c6099Release v5.0.6 (#551)cc26b1dMerge commit from fork- Additional commits viewable in compare view
Updates @fastify/jwt from 6.7.0 to 10.0.0
Release notes
Sourced from @fastify/jwt's releases.
v10.0.0
What's Changed
Breaking changes
build(deps): bump fast-jwt from 5.0.6 to 6.0.1 (fastify/fastify-jwt#374)
Please see https://github.com/nearform/fast-jwt/releases/tag/v6.0.0 for details on how it might affect you.
Other
chore(license): update date ranges; standardise style (fastify/fastify-jwt#379)
v9.1.0
What's Changed
- test: migrate to node test runner by
@ilteooodin fastify/fastify-jwt#367- ci(ci): set job permissions by
@Fdawgsin fastify/fastify-jwt#370- perf: use
node:prefix to bypass require.cache call for builtins by@Fdawgsin fastify/fastify-jwt#371- fix: capture missingRequiredClaim errors and map to 401 by
@frederikprijckin fastify/fastify-jwt#369New Contributors
@ilteooodmade their first contribution in fastify/fastify-jwt#367@frederikprijckmade their first contribution in fastify/fastify-jwt#369Full Changelog: https://github.com/fastify/fastify-jwt/compare/v9.0.4...v9.1.0
v9.0.4
What's Changed
- perf: Improve performance by caching verifier (fastify/fastify-jwt#360)
Full Changelog: https://github.com/fastify/fastify-jwt/compare/v9.0.3...v9.0.4
v9.0.3
What's Changed
- chore(package): add funding and contribs by
@Fdawgsin fastify/fastify-jwt#357- perf: use optional chaining by
@Fdawgsin fastify/fastify-jwt#359- refactor: prefix unused params with underscores by
@Fdawgsin fastify/fastify-jwt#361- docs(readme): spelling and grammar fixes by
@Fdawgsin fastify/fastify-jwt#362Full Changelog: https://github.com/fastify/fastify-jwt/compare/v9.0.2...v9.0.3
v9.0.2
What's Changed
- build(deps): bump fastify/workflows from 5.0.0 to 5.0.1 by
@dependabotin fastify/fastify-jwt#349- docs: update readme to clarify fastify version compatibility by
@simonebin fastify/fastify-jwt#350- build(deps-dev): bump
@fastify/cookiefrom 10.0.1 to 11.0.1 by@dependabotin fastify/fastify-jwt#351- fix: Async key provider and errors should be resolved internally -- dynamic JWTs in tests by
@jmjfin fastify/fastify-jwt#338- style: remove trailing whitespace by
@Fdawgsin fastify/fastify-jwt#352
... (truncated)
Commits
3567a17Prepare to release 10.0.0e758062build(deps-dev): bump@types/nodefrom 22.16.0 to 24.0.10 (#380)870af5bchore(license): update date ranges; standardise style (#379)4cbf5a5build(deps-dev): bump tsd from 0.31.2 to 0.32.0 (#375)89aad69build(deps): bump fast-jwt from 5.0.6 to 6.0.1 (#374)8932cc9ci: restore job level permissions (#373)09b5810ci: set permissions at workflow level (#372)0811cf5Bumped v9.1.0523e752fix: capture missingRequiredClaim errors and map to 401 (#369)2afec02perf: usenode:prefix to bypass require.cache call for builtins (#371)- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by kibertoad, a new releaser for @fastify/jwt since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Pull Request Statistics
1
2
+106
-52
Package Dependencies
Technical Details
| ID: | 8761424 |
| UUID: | 2872090598 |
| Node ID: | PR_kwDOJ_xNhM6rMJ_m |
| Host: | GitHub |
| Repository: | idylicaro/ignite-nodejs-03-api-solid-nodejs |
| Merge State: | Unknown |