Update dependencies to fix security vulnerability
npm audit report:

jsonwebtoken <=8.5.1
Severity: high
jsonwebtoken has insecure input validation in jwt.verify function - https://github.com/advisories/GHSA-27h2-hvpr-p74q
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
fix available via `npm audit fix --force`
Will install auth0@3.0.1, which is a breaking change
node_modules/jsonwebtoken
  auth0 2.13.0 - 3.0.0
  Depends on vulnerable versions of jsonwebtoken
  Depends on vulnerable versions of jwks-rsa
  node_modules/auth0
  jwks-rsa 1.5.1 - 1.12.3
  Depends on vulnerable versions of jsonwebtoken
  node_modules/jwks-rs

Test: npm install && npm run build:all && npm run test:unit
Change-Id: I47dfb353718cd3c40dd7060d2c31cb5e1ebaec43
6999
tools/winscope-ng/package-lock.json
generated
File diff suppressed because it is too large
@@ -37,7 +37,7 @@
|
||||
"@types/jsbn": "^1.2.30",
|
||||
"@types/three": "^0.143.0",
|
||||
"angular2-template-loader": "^0.6.2",
|
||||
"auth0": "^2.42.0",
|
||||
"auth0": "^3.0.1",
|
||||
"dateformat": "^5.0.3",
|
||||
"gl-matrix": "^3.4.3",
|
||||
"html-loader": "^3.1.0",
|
||||
|
||||
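Review bot: The auth0 line in this hunk moves from "^2.42.0" to "^3.0.1", a major-version bump that the npm audit output quoted in the commit message itself calls a breaking change, yet the stated test plan is only install, build and unit tests. Please record in the commit message which auth0 call sites were checked against the 3.x API (or that none are affected), and include the post-update npm audit result showing the jsonwebtoken and jwks-rsa findings are cleared, since the package-lock.json diff is suppressed on this page and the resolved transitive versions cannot be reviewed from it.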