Update dependency express-jwt to v7

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
express-jwt	dependencies	major	0.1.3 -> 7.7.8

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
Critical	9.8	CVE-2015-9235
High	7.7	CVE-2020-15084
High	7.5	CVE-2017-18214
High	7.5	CVE-2022-24785
Medium	6.5	CVE-2016-4055
Medium	6.4	CVE-2022-23540
Medium	5.9	CVE-2022-23539
Medium	5.3	WS-2016-0075
Medium	5.0	CVE-2022-23541

---

Release Notes

auth0/express-jwt (express-jwt)

v7.7.8

Compare Source

v7.7.7

Compare Source

v7.7.6

Compare Source

v7.7.5

Compare Source

v7.7.4

Compare Source

v7.7.3

Compare Source

• Fix tsc build error for express-unless (e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198)
• Remove esModuleInterop and fix assert import in tests (9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201)

v7.7.2

Compare Source

• fix instaceof comparison for UnauthorizedError. closes #​292 (6c87fe401ecba868feda1ffa530082c7c539321a), closes #​292
• update changelog (b1344fa7f6f9dd3d27115a9107b3ef4323733895)

v7.7.1

Compare Source

• fix readme and package-lock (7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1)
• build(deps): required runtime types (f3f5af5c214241b4f92b91c49db8586ec20e4526)
• docs: fix tiny typo (07e771857489b6344a8dc457069d040a76e84230)

v7.7.0

Compare Source

• deprecate ExpressJwtRequest in favor of Request with optional auth, closes #​284 (de169def56f98f4237741aa6755d0c5e248bd561), closes #​284

v7.6.2

Compare Source

• remove undefined from algorhitms fix #​285 (587238bd0ad7a59f784daf9f626b9bf9abc7e029), closes #​285

v7.6.1

Compare Source

• add note about @​types/jsonwebtoken in readme (03c8419d6fc78c9029a7b474d3aede7f94e80121)
• make algorithms a required parameter in types. closes #​285 (097a1df0d7ba511afce9578e4cf45bca2589b253), closes #​285
• update changelog (9d0f02debb7a3db83edbc9f9b4b6d46993e6a4f4)

v7.6.0

Compare Source

• add ExpressJwtRequestUnrequired to the readme (3890f53f87b0a84dccaafd8de5a43d3c1dfeae89)
• add SecretCallback[Long] back for backward compatibility (c24078e285908cad1c2ac0e63482a75ebf7d7328)
• update changelog (d3a8e80dec3a6c261f840ad763487a16a47bbc4b)

v7.5.2

Compare Source

• export another type for credentialsRequired: false / ExpressJwtRequestUnrequired (1bdb6f3d0cc5f61b7a7b097f700d20cb337d4bef)

v7.5.1

Compare Source

• make req.auth optional in the ExpressJwtRequest type (496fda4a0a20292ca70055b6ab8fdf50414ffa2b)
• update changelog (727b57ddfec1f1c5ee4e16cb335ad1ae5a3c131f)

v7.5.0

Compare Source

• export TokenGetter (eb7479b834fb0e052ffad4279394ce353bb13770)
• improve readme and some types. Closes #​283 (1a67f69c8781179d3ce7e5f3de8ece40d31c1772), closes #​283
• restore requestProperty (bf143d07497046b3e7921d3dd4bcbc18e2daeb67)

v7.4.3

Compare Source

• improve readme (bd2515bec698604c645decd5be93e4f401263662)

v7.4.2

Compare Source

• include '/dist' in package, closes #​280 (cf2665d5581e76ed5742e7c2f34b8d05f91cfd18), closes #​280

v7.4.1

Compare Source

• fix readme definition for revoked and secret callbacks (9015cf729cfbbf1b28a9646cccbf26d523dce1de)
• update changelog (05d7a78baaf76a2a881a95666b0ec7349729d957)

v7.4.0

Compare Source

• handle authorization header in cors when is upper cased. fixes #​180, #​173 (ab0ee806416e3a5a48ef8a1017a298e1a666b17a), closes #​180 #​173

v7.3.0

Compare Source

• add support for capital Authorization header. closes #​200 (6c0698b513e11ff1d4b152e070a627f5092be801), closes #​200

v7.2.0

Compare Source

• Add example on how to enable jwt for specific path (280511342522f11a90da93187a44af1a1b3cf5eb)
• Fix link to auth0.com (b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15)
• remove travis badge (a854342c28f7186ec70e298124b4d650a26767b2)
• Update docs to continue error handling on mismatch (627b358d07b19d299964a5ef18a772db9b6426e2)
• Update README.md (8d7af267189a49f42b88807d236647bd7398fde3)

v7.1.0

Compare Source

• add support for async, closes #​249 (72236ec1cfb0e7847351c83908be1d84141e30f1), closes #​249
• update changelog (cb50ed43b2de9ae9be8643e7834640fa912ef367)

v7.0.0

Compare Source

• Convert the project to typescript and improve typescript (2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd)

v6.1.2

Compare Source

v6.1.1

Compare Source

v6.1.0

Compare Source

v6.0.0

Compare Source

v5.3.3

Compare Source

v5.3.2

Compare Source

v5.3.1

Compare Source

v5.3.0

Compare Source

v5.1.0

Compare Source

v5.0.0

Compare Source

v3.4.0

Compare Source

v3.3.0

Compare Source

v3.2.0

Compare Source

v3.1.0

Compare Source

v3.0.1

Compare Source

v3.0.0

Compare Source

v2.1.0

Compare Source

v2.0.1

Compare Source

v2.0.0

Compare Source

v1.4.0

Compare Source

v1.3.1

Compare Source

v1.3.0

Compare Source

v1.2.0

Compare Source

v1.1.0

Compare Source

v1.0.0

Compare Source

v0.6.2

Compare Source

v0.5.0

Compare Source

v0.4.0

Compare Source

v0.3.2

Compare Source

v0.3.1

Compare Source

---

• If you want to rebase/retry this PR, check this box

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher

🚮 Removed packages: npm/jasmine-core@3.9.0, npm/jasmine-spec-reporter@7.0.0, npm/jasmine@3.99.0, npm/jwt-decode@2.2.0, npm/karma-chrome-launcher@3.1.1, npm/karma-coverage@2.2.1, npm/karma-jasmine-html-reporter@1.7.0, npm/karma-jasmine@4.0.2, npm/karma@6.4.4, npm/lodash-es@4.17.21, npm/material-icons@0.3.1, npm/ng-mat-search-bar@12.0.1, npm/ng-simple-slideshow@1.3.0-beta.11, npm/ng2-file-upload@1.4.0, npm/ngx-clipboard@15.1.0, npm/ngx-cookie@6.0.1, npm/ngx-highlightjs@6.1.3, npm/ngx-spinner@15.0.1, npm/ngx-text-diff@0.6.0, npm/ngx-window-token@6.0.0, npm/rxjs@6.6.3, npm/sass@1.83.0, npm/snarkdown@1.2.2, npm/socket.io-client@3.1.3, npm/solidity-browser-compiler@1.1.0, npm/stylelint-config-sass-guidelines@7.1.0, npm/stylelint-scss@3.21.0, npm/stylelint@13.13.1, npm/ts-node@10.9.2, npm/typescript@4.8.4, npm/zone.js@0.11.8, npm/zustand@4.4.1

View full report↗︎

[rafikmojr]

Checkmarx One – Scan Summary & Details – 248d85c2-6515-4a31-9a2f-9d8e6971897b

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-48949	Npm-elliptic-6.5.4	Vulnerable Package
	Second_Order_SQL_Injection	/routes/chatbot.ts: 24	Attack Vector
	Second_Order_SQL_Injection	/routes/chatbot.ts: 45	Attack Vector
	Second_Order_SQL_Injection	/routes/chatbot.ts: 45	Attack Vector
	Second_Order_SQL_Injection	/routes/chatbot.ts: 45	Attack Vector
	Second_Order_SQL_Injection	/routes/chatbot.ts: 24	Attack Vector
	Second_Order_SQL_Injection	/routes/chatbot.ts: 45	Attack Vector
	Second_Order_SQL_Injection	/routes/chatbot.ts: 45	Attack Vector
	Second_Order_SQL_Injection	/routes/chatbot.ts: 45	Attack Vector
	Stored_XSS	/routes/videoHandler.ts: 74	Attack Vector
	Stored_XSS	/routes/videoHandler.ts: 79	Attack Vector
	Stored_XSS	/routes/userProfile.ts: 76	Attack Vector
	Stored_XSS	/routes/userProfile.ts: 55	Attack Vector
	CVE-2024-47764	Npm-cookie-0.4.2	Vulnerable Package
	CVE-2024-55565	Npm-nanoid-3.1.20	Vulnerable Package
	Client_Privacy_Violation	/frontend/src/app/register/register.component.spec.ts: 150	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.spec.ts: 115	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.spec.ts: 102	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.spec.ts: 116	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.spec.ts: 103	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/app.module.ts: 222	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/register/register.component.ts: 31	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.ts: 23	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.ts: 23	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.ts: 23	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.ts: 23	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.ts: 22	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.ts: 22	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.ts: 22	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.ts: 22	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/app.module.ts: 164	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/app.module.ts: 161	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.ts: 25	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.ts: 24	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.ts: 27	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.ts: 71	Attack Vector
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.ts: 45	Attack Vector
	CVE-2024-48948	Npm-elliptic-6.5.4	Vulnerable Package
	Use_Of_Hardcoded_Password	/frontend/src/app/register/register.component.spec.ts: 136	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CVE-2020-15084	Npm-express-jwt-0.1.3
	Cxf6e7f2c1-dc59	Npm-yauzl-2.10.0
	Stored_XSS	/routes/vulnCodeFixes.ts: 28
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/routes/vulnCodeSnippet.ts: 94
	Stored_XSS	/routes/search.ts: 24
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_3.ts: 12
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_3.ts: 11
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_1.ts: 7
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_1.ts: 6
	Stored_XSS	/routes/vulnCodeFixes.ts: 28
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/routes/vulnCodeSnippet.ts: 94
	Stored_XSS	/routes/search.ts: 24
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_3.ts: 12
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_3.ts: 11
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_1.ts: 7
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_1.ts: 6
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_3.ts: 12
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_1.ts: 7
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_2_correct.ts: 8
	Stored_XSS	/routes/vulnCodeFixes.ts: 28
	Stored_XSS	/routes/vulnCodeSnippet.ts: 94
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_3.ts: 11
	Stored_XSS	/routes/search.ts: 24
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_1.ts: 6
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_2_correct.ts: 8
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/routes/search.ts: 24
	Stored_XSS	/routes/vulnCodeFixes.ts: 28
	Stored_XSS	/routes/vulnCodeSnippet.ts: 94
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_1.ts: 7
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_1.ts: 6
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_3.ts: 12
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_3.ts: 11
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_1.ts: 7
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_3.ts: 11
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_3.ts: 12
	Stored_XSS	/routes/search.ts: 24
	Stored_XSS	/data/static/codefixes/loginAdminChallenge_1.ts: 21
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/loginBenderChallenge_1.ts: 21
	Stored_XSS	/data/static/codefixes/loginJimChallenge_4.ts: 21
	Stored_XSS	/routes/login.ts: 37
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_2_correct.ts: 8
	Stored_XSS	/routes/vulnCodeSnippet.ts: 94
	Stored_XSS	/data/static/codefixes/loginAdminChallenge_1.ts: 21
	Stored_XSS	/data/static/codefixes/loginBenderChallenge_1.ts: 21
	Stored_XSS	/data/static/codefixes/loginJimChallenge_4.ts: 21
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_1.ts: 6
	Stored_XSS	/routes/login.ts: 37
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/routes/vulnCodeFixes.ts: 80
	Stored_XSS	/routes/vulnCodeFixes.ts: 28
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_3.ts: 11
	Stored_XSS	/routes/login.ts: 37
	Stored_XSS	/data/static/codefixes/loginBenderChallenge_1.ts: 21
	Stored_XSS	/data/static/codefixes/loginJimChallenge_4.ts: 21
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_2_correct.ts: 8
	Stored_XSS	/data/static/codefixes/loginBenderChallenge_1.ts: 21
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_1.ts: 6
	Stored_XSS	/routes/search.ts: 24
	Stored_XSS	/data/static/codefixes/dbSchemaChallenge_3.ts: 12
	Stored_XSS	/data/static/codefixes/loginJimChallenge_4.ts: 21
	Stored_XSS	/data/static/codefixes/loginAdminChallenge_1.ts: 21
	Stored_XSS	/data/static/codefixes/unionSqlInjectionChallenge_1.ts: 7
	Stored_XSS	/data/static/codefixes/loginAdminChallenge_1.ts: 21
	CVE-2017-18214	Npm-moment-2.0.0
	CVE-2022-24785	Npm-moment-2.0.0
	Cx89601373-08db	Npm-debug-2.6.9
	Cx89601373-08db	Npm-debug-3.2.7
	CVE-2016-4055	Npm-moment-2.0.0
	Client_Privacy_Violation	/frontend/src/app/register/register.component.ts: 60
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.html: 69
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.html: 59
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.html: 53
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.html: 39
	Client_Privacy_Violation	/frontend/src/app/Services/user.service.ts: 55
	Client_Privacy_Violation	/frontend/src/app/register/register.component.ts: 60
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.html: 69
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.html: 59
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.html: 53
	Client_Privacy_Violation	/frontend/src/app/change-password/change-password.component.html: 39
	Client_Privacy_Violation	/frontend/src/app/Services/user.service.ts: 55
	Client_Privacy_Violation	/frontend/src/app/register/register.component.ts: 60
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.html: 69
	Client_Privacy_Violation	/frontend/src/app/forgot-password/forgot-password.component.html: 59
	Client_Privacy_Violation

More results are available on AST platform