parse-community:release-4.x.x
← parse-community:snyk-fix-1f51ce769dbe2fe4db1308afb5d3520c
opened 10:27PM - 22 Dec 22 UTC
<p>This PR was automatically created by Snyk using the credentials of a real use…r.</p><br /><h3>Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.</h3>
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **671/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 7.7 | Improper Input Validation <br/>[SNYK-JS-JSONWEBTOKEN-3180020](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020) | Yes | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **611/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 6.5 | Improper Authentication <br/>[SNYK-JS-JSONWEBTOKEN-3180022](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022) | Yes | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **611/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment <br/>[SNYK-JS-JSONWEBTOKEN-3180024](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024) | Yes | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **526/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 4.8 | Use of a Broken or Risky Cryptographic Algorithm <br/>[SNYK-JS-JSONWEBTOKEN-3180026](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>jsonwebtoken</b></summary>
The new version differs by 17 commits.</br>
<ul>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3">e1fa9dc</a> Merge pull request from GHSA-8cf7-32gw-wr33</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/5eaedbf2b01676d952336e73b4d2efba847d2d1b">5eaedbf</a> chore(ci): remove github test actions job (#861)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/cd4163eb1407aab0b3148f91b0b9c26276b96c6b">cd4163e</a> chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6">ecdf6cc</a> fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16">8345030</a> fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/7e6a86b1c25e5fd05733c52c118848341aba1c4e">7e6a86b</a> Upload OpsLevel YAML (#849)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/74d5719bd03993fcf71e3b176621f133eb6138c0">74d5719</a> docs: update references vercel/ms references (#770)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/d71e383862fc735991fd2e759181480f066bf138">d71e383</a> docs: document "invalid token" error</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/37650031fd0bac1a5b0d682bbfcf8c1705917aa9">3765003</a> docs: fix spelling in README.md: Peak -> Peek (#754)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/a46097e962621ab2ba718d1da6025cdeba3597c8">a46097e</a> docs: make decode impossible to discover before verify</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/15a1bc449ab529d540eb9c2be4e093f9f5b0278d">15a1bc4</a> refactor: make decode non-enumerable</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/5f10bf9957a2541828501cfecab0310908b2f62f">5f10bf9</a> docs: add jwtid to options of jwt.verify (#704)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/88cb9df18a1d2a7b24f8cfeaa6f5f5b87d2c027f">88cb9df</a> Replace tilde-indexOf with includes (#647)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/a6235fa561b5c30884c97ea0b30c3db3b546ae2c">a6235fa</a> Adds not to README on decoded payload validation (#646)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/5ed1f061869b7d4e624a51789fd4a135ddb34b45">5ed1f06</a> docs: fix tiny style change in readme (#622)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/9fb90cae493b6c556feba04477109e1cbef7f149">9fb90ca</a> style: add missing semicolon (#641)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/commit/a9e38b8bab4fc8532eccb9d97712bbf566a1fc6a">a9e38b8</a> ci: use circleci (#589)</li>
</ul>
<a href="https://snyk.io/redirect/github/auth0/node-jsonwebtoken/compare/7f1f8b4b842ca3168018ab1ef53001105a1a2948...e1fa9dcc12054a8681db4e6373da1b30cf7016e3">See the full diff</a>
</details>
<details>
<summary>Package name: <b>jwks-rsa</b></summary>
The new version differs by 12 commits.</br>
<ul>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/1e3ba0635b711d2743554c0ca443bccf1ac68e56">1e3ba06</a> Removes babel (#226)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/9c4fddf34cbd37bf86292becbfa1ab7990b1a843">9c4fddf</a> Update README.md</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/914dd424cd2fb7d562c961b92eadbd5a47e1e097">914dd42</a> V2 Release (#225)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/06217d72e66a3943d4789bed60446328b8a387f8">06217d7</a> fix: missing export (#217)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/8dc969858e789ca07fa0c90109f434364fce0276">8dc9698</a> Update cov path (#224)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/b66e83f8609797f7a5d712baba76a5d25043d707">b66e83f</a> Simplify request wrapper (#218)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/2408cac657c49275bf0a3526c2d7dd1df2eea11f">2408cac</a> Add alg to SigningKey types (#220)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/596e944357b8c7c11c1f73890e4982f45e734cbf">596e944</a> Merge pull request #221 from auth0/fix-package-lock</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/9148f51043b0c84ace805ffa7f64d796165b60a6">9148f51</a> jfrog -> npmjs</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/589dde80a792d49286d669c80367a82a6625472a">589dde8</a> Pinning Node Engine Versions (#212)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/dab5112bd2e274af1fa339aa89734110216ed0bf">dab5112</a> Release 1.12.2 (#213)</li>
<li><a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/commit/61d434324498c77e9d109bf3b7fb23976c93bb35">61d4343</a> full JWK/JWS support (#205)</li>
</ul>
<a href="https://snyk.io/redirect/github/auth0/node-jwks-rsa/compare/f99d26196086a4915328c2ac0fde3a7aa2c3cc2d...1e3ba0635b711d2743554c0ca443bccf1ac68e56">See the full diff</a>
</details>
</details>
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4OWUwZTRiNC0xNGRkLTQ4NjQtYWVjOC0wOTliOGVjNDgzNWYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6Ijg5ZTBlNGI0LTE0ZGQtNDg2NC1hZWM4LTA5OWI4ZWM0ODM1ZiJ9fQ==" width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/acinader/project/336712ed-1f11-481e-b163-45aa355637b8?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/acinader/project/336712ed-1f11-481e-b163-45aa355637b8?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"89e0e4b4-14dd-4864-aec8-099b8ec4835f","prPublicId":"89e0e4b4-14dd-4864-aec8-099b8ec4835f","dependencies":[{"name":"jsonwebtoken","from":"8.5.1","to":"9.0.0"},{"name":"jwks-rsa","from":"1.12.3","to":"2.0.0"}],"packageManager":"npm","projectPublicId":"336712ed-1f11-481e-b163-45aa355637b8","projectUrl":"https://app.snyk.io/org/acinader/project/336712ed-1f11-481e-b163-45aa355637b8?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-JSONWEBTOKEN-3180020","SNYK-JS-JSONWEBTOKEN-3180022","SNYK-JS-JSONWEBTOKEN-3180024","SNYK-JS-JSONWEBTOKEN-3180026"],"upgrade":["SNYK-JS-JSONWEBTOKEN-3180020","SNYK-JS-JSONWEBTOKEN-3180022","SNYK-JS-JSONWEBTOKEN-3180024","SNYK-JS-JSONWEBTOKEN-3180026"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[671,611,611,526]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Use of a Broken or Risky Cryptographic Algorithm](https://learn.snyk.io/lessons/insecure-hash/javascript/?loc=fix-pr)