dependabot npm(deps): bump jsonwebtoken from 9.0.1 to 9.0.2 (!558) · Merge requests · kgroup / bintra

Depen d'Abot requested to merge dependabot-npm_and_yarn-jsonwebtoken-9.0.2 into master Aug 31, 2023

Bumps jsonwebtoken from 9.0.1 to 9.0.2.

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.

refactor: reduce library size by using lodash specific dependencies, closes #878.

Commits

bc28861 Release 9.0.2 (#935)
96b8906 refactor: use specific lodash packages (#933)
ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
See full diff in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

dependabot npm(deps): bump jsonwebtoken from 9.0.1 to 9.0.2

9.0.2 - 2023-08-30

Merge request reports