Security vulnerability in the hoek module, please update the jsonwebtoken module #179

Closed
papandreou opened this issue Feb 16, 2018 · 3 comments

@papandreou

A security vulnerability advisory has been issued for the hoek module: https://nodesecurity.io/advisories/566

Hoek is an indirect dependency of nexmo via jsonwebtoken (^7.1.9) -> joi (^6.10.1).

Luckily, jsonwebtoken removed the joi dependency in 8.0.0, so it seems like it's just a matter of updating to jsonwebtoken 8.x. The list of breaking changes in version 8 doesn't look too worrying.
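The chain described in the post above (jsonwebtoken pulling in joi, which pulls in hoek) can be traced mechanically from a lock file. The following is an added example, not part of the original issue or the nexmo project's code: it walks an npm `package-lock.json` in the version 1 layout and lists every path from the direct dependencies to a named package. The sample tree is constructed; the resolved version numbers, the hoek ranges and the `example-*` packages are placeholders.

```javascript
// Added example. Lock data is constructed; "example-*" packages are hypothetical.
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Resolve `name` the way Node does: nearest enclosing node_modules first,
// then outward to the top level. `scopes` is the chain of enclosing nodes.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const deps = scopes[i].dependencies || {};
    if (hasOwn(deps, name)) return { node: deps[name], scopes: scopes.slice(0, i + 1) };
  }
  return null; // not in the lock tree (e.g. an uninstalled optional dependency)
}

// Return every "a@1 > b@2 > target@3" chain starting at a direct dependency.
function pathsTo(target, lock, directDeps) {
  const found = [];
  const visit = (name, scopes, trail) => {
    const hit = resolve(name, scopes);
    if (!hit) return;
    const label = `${name}@${hit.node.version}`;
    if (trail.includes(label)) return; // dependency cycle
    const next = trail.concat(label);
    if (name === target) { found.push(next.join(' > ')); return; }
    for (const child of Object.keys(hit.node.requires || {})) {
      visit(child, hit.scopes.concat(hit.node), next);
    }
  };
  for (const name of directDeps) visit(name, [lock], []);
  return found;
}

// Constructed sample: resolved versions and the hoek ranges are placeholders.
const sampleLock = {
  dependencies: {
    jsonwebtoken: { version: '7.1.9', requires: { joi: '^6.10.1' } },
    joi: { version: '6.10.1', requires: { hoek: '*' } },
    hoek: { version: '0.0.1-sample' },
    'example-http': {
      version: '1.0.0', requires: { 'example-auth': '*' },
      dependencies: {
        'example-auth': { version: '1.0.0', requires: { hoek: '*' } },
        hoek: { version: '0.0.2-sample' },
      },
    },
  },
};

const samplePaths = pathsTo('hoek', sampleLock, ['jsonwebtoken', 'example-http']);
console.log(samplePaths.join('\n'));
```

Running the same function again after an upgrade shows whether a path has actually disappeared or whether another dependency still reaches the package through its own nested copy.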

@ralphkocher

There's also the used request API affected:

[email protected] > [email protected]

@papandreou
Author

@mheap, looks like you addressed this in 04fbf96, thanks! Will there be a new (not pre)release soon?

@mheap
Contributor

mheap commented Apr 29, 2018

@papandreou 2.2.1 has just been released via NPM. Thanks for reporting, and apologies for the delay.
