Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #45981 jsonwebtoken: 9.0.0 -> 9.0.3
    Infos
    #45981
    Joris MASSON (jmasson)
    2025-12-08 12:14
    2025-12-08 10:41
    47703
    Details
    jsonwebtoken: 9.0.0 -> 9.0.3

    Changelog: https://github.com/auth0/node-jsonwebtoken/blob/v9.0.3/CHANGELOG.md#903---2025-12-04
    The goal of the upgrade is to upgrade the transitive dependency jws to v4.0.1 to fix CVE-2025-65945

    Changelog for jws 4.0.1 : https://github.com/auth0/node-jws/blob/v4.0.1/CHANGELOG.md#401

    Other
    All
    Empty
    • [ ] enhancement
    • [x] internal improvement
    Empty
    Stage
    Joris MASSON (jmasson)
    Closed
    2025-12-08
    Attachments
    Empty
    References
    Referencing request #45981

    Git commit

    tuleap/tuleap/stable

    chore: request #45981 jsonwebtoken: 9.0.0 -> 9.0.3 52c0920bbc
    User avatar Joris MASSON (jmasson) , 2025-12-08 11:01
    Merge 'gerrit #36368' into stable/master 8705e92130
    User avatar Thomas Gerbet (tgerbet) , 2025-12-08 12:11
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2025-12-08 11:59

    No security impact for Tuleap, we (indirectly) use jwt.verify() that is not impacted.