Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: auth0/node-jsonwebtoken
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 8afff56c07b71b5bfbb41508cda4a03a9c1eb9de
Choose a base ref
...
head repository: auth0/node-jsonwebtoken
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: bc28861f1fa981ed9c009e29c044a19760a0b128
Choose a head ref
  • 4 commits
  • 3 files changed
  • 1 contributor

Commits on Jul 5, 2023

  1. Updating package version to 9.0.1 (#920)

    @jakelacey2012
    jakelacey2012 authored Jul 5, 2023
    Copy the full SHA
    84539b2 View commit details

Commits on Aug 30, 2023

  1. security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)

    @jakelacey2012
    jakelacey2012 authored Aug 30, 2023
    Copy the full SHA
    ed35062 View commit details

  2. refactor: use specific lodash packages (#933) 

    This is to reduce the size of the bundle users have to install.
    @jakelacey2012
    jakelacey2012 authored Aug 30, 2023
    Copy the full SHA
    96b8906 View commit details

  3. Release 9.0.2 (#935)

    @jakelacey2012
    jakelacey2012 authored Aug 30, 2023
    Loading
    Loading status checks…
    Copy the full SHA
    bc28861 View commit details
Showing with 25 additions and 4 deletions.
  1. +9 −0 CHANGELOG.md
  2. +9 −3 package.json
  3. +7 −1 sign.js
9 changes: 9 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -4,6 +4,15 @@
All notable changes to this project will be documented in this file starting from version **v4.0.0**.
This project adheres to [Semantic Versioning](http://semver.org/).

## 9.0.2 - 2023-08-30

- security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes [#921](https://github.com/auth0/node-jsonwebtoken/issues/921).
- refactor: reduce library size by using lodash specific dependencies, closes [#878](https://github.com/auth0/node-jsonwebtoken/issues/878).

## 9.0.1 - 2023-07-05

- fix(stubs): allow decode method to be stubbed

## 9.0.0 - 2022-12-21

**Breaking changes: See [Migration from v8 to v9](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)**
12 changes: 9 additions & 3 deletions package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "jsonwebtoken",
"version": "9.0.0",
"version": "9.0.2",
"description": "JSON Web Token implementation (symmetric and asymmetric)",
"main": "index.js",
"nyc": {
@@ -37,9 +37,15 @@
},
"dependencies": {
"jws": "^3.2.2",
"lodash": "^4.17.21",
"lodash.includes": "^4.3.0",
"lodash.isboolean": "^3.0.3",
"lodash.isinteger": "^4.0.4",
"lodash.isnumber": "^3.0.3",
"lodash.isplainobject": "^4.0.6",
"lodash.isstring": "^4.0.1",
"lodash.once": "^4.0.0",
"ms": "^2.1.1",
"semver": "^7.3.8"
"semver": "^7.5.4"
},
"devDependencies": {
"atob": "^2.1.2",
8 changes: 7 additions & 1 deletion sign.js
View file
Original file line number Diff line number Diff line change
@@ -2,7 +2,13 @@ const timespan = require('./lib/timespan');
const PS_SUPPORTED = require('./lib/psSupported');
const validateAsymmetricKey = require('./lib/validateAsymmetricKey');
const jws = require('jws');
const {includes, isBoolean, isInteger, isNumber, isPlainObject, isString, once} = require('lodash')
const includes = require('lodash.includes');
const isBoolean = require('lodash.isboolean');
const isInteger = require('lodash.isinteger');
const isNumber = require('lodash.isnumber');
const isPlainObject = require('lodash.isplainobject');
const isString = require('lodash.isstring');
const once = require('lodash.once');
const { KeyObject, createSecretKey, createPrivateKey } = require('crypto')

const SUPPORTED_ALGS = ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'none'];