Update dependency express-jwt to v7 by dev-mend-for-github-com[bot] · Pull Request #90 · amaybaum-dev/juice-shop2

dev-mend-for-github-com · 2026-03-12T15:57:36Z

This PR contains the following updates:

Package	Type	Update	Change
express-jwt	dependencies	major	`0.1.3` → `7.7.8`

By merging this PR, the issue #1 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
Critical	9.8	CVE-2015-9235
High	7.7	CVE-2020-15084
Medium	6.5	CVE-2016-4055
Medium	6.4	CVE-2022-23540
Medium	5.9	CVE-2022-23539
Medium	5.5	GHSA-hxf5-mg84-pj4m
Medium	5.0	CVE-2022-23541
Medium	4.6	CVE-2016-1000223

Release Notes

auth0/express-jwt (express-jwt)

Fix tsc build error for express-unless (e1fe1d264bc5363e008d23fea9d8c5d2ac0d8198)
Remove esModuleInterop and fix assert import in tests (9ccf0cfd6aaa4cc61fce2f8ccdb961c4b0358201)

`v7.7.2`

Compare Source

fix instaceof comparison for UnauthorizedError. closes #292 (6c87fe401ecba868feda1ffa530082c7c539321a), closes #292
update changelog (b1344fa7f6f9dd3d27115a9107b3ef4323733895)

`v7.7.1`

Compare Source

fix readme and package-lock (7a02ca76c5d7842cfa8b256dcc89dcef1ffbcdc1)
build(deps): required runtime types (f3f5af5c214241b4f92b91c49db8586ec20e4526)
docs: fix tiny typo (07e771857489b6344a8dc457069d040a76e84230)

`v7.7.0`

Compare Source

deprecate ExpressJwtRequest in favor of Request with optional auth, closes #284 (de169def56f98f4237741aa6755d0c5e248bd561), closes #284

`v7.6.2`

Compare Source

remove undefined from algorhitms fix #285 (587238bd0ad7a59f784daf9f626b9bf9abc7e029), closes #285

`v7.6.1`

Compare Source

add note about @types/jsonwebtoken in readme (03c8419d6fc78c9029a7b474d3aede7f94e80121)
make algorithms a required parameter in types. closes #285 (097a1df0d7ba511afce9578e4cf45bca2589b253), closes #285
update changelog (9d0f02debb7a3db83edbc9f9b4b6d46993e6a4f4)

`v7.6.0`

Compare Source

add ExpressJwtRequestUnrequired to the readme (3890f53f87b0a84dccaafd8de5a43d3c1dfeae89)
add SecretCallback[Long] back for backward compatibility (c24078e285908cad1c2ac0e63482a75ebf7d7328)
update changelog (d3a8e80dec3a6c261f840ad763487a16a47bbc4b)

`v7.5.2`

Compare Source

export another type for credentialsRequired: false / ExpressJwtRequestUnrequired (1bdb6f3d0cc5f61b7a7b097f700d20cb337d4bef)

`v7.5.1`

Compare Source

make req.auth optional in the ExpressJwtRequest type (496fda4a0a20292ca70055b6ab8fdf50414ffa2b)
update changelog (727b57ddfec1f1c5ee4e16cb335ad1ae5a3c131f)

`v7.5.0`

Compare Source

export TokenGetter (eb7479b834fb0e052ffad4279394ce353bb13770)
improve readme and some types. Closes #283 (1a67f69c8781179d3ce7e5f3de8ece40d31c1772), closes #283
restore requestProperty (bf143d07497046b3e7921d3dd4bcbc18e2daeb67)

`v7.4.3`

Compare Source

improve readme (bd2515bec698604c645decd5be93e4f401263662)

`v7.4.2`

Compare Source

include '/dist' in package, closes #280 (cf2665d5581e76ed5742e7c2f34b8d05f91cfd18), closes #280

`v7.4.1`

Compare Source

fix readme definition for revoked and secret callbacks (9015cf729cfbbf1b28a9646cccbf26d523dce1de)
update changelog (05d7a78baaf76a2a881a95666b0ec7349729d957)

`v7.4.0`

Compare Source

handle authorization header in cors when is upper cased. fixes #180, #173 (ab0ee806416e3a5a48ef8a1017a298e1a666b17a), closes #180 #173

`v7.3.0`

Compare Source

add support for capital Authorization header. closes #200 (6c0698b513e11ff1d4b152e070a627f5092be801), closes #200

`v7.2.0`

Compare Source

Add example on how to enable jwt for specific path (280511342522f11a90da93187a44af1a1b3cf5eb)
Fix link to auth0.com (b04cb9dea9a9fb2dc999a8dbf30ba6f204f50d15)
remove travis badge (a854342c28f7186ec70e298124b4d650a26767b2)
Update docs to continue error handling on mismatch (627b358d07b19d299964a5ef18a772db9b6426e2)
Update README.md (8d7af267189a49f42b88807d236647bd7398fde3)

`v7.1.0`

Compare Source

add support for async, closes #249 (72236ec1cfb0e7847351c83908be1d84141e30f1), closes #249
update changelog (cb50ed43b2de9ae9be8643e7834640fa912ef367)

`v7.0.0`

Compare Source

Convert the project to typescript and improve typescript (2b43ccb7252f2cc2fb3c2655a252fd7ae58ce0dd)

`v6.1.2`

Compare Source

`v6.1.1`

Compare Source

`v6.1.0`

Compare Source

`v6.0.0`

Compare Source

`v5.3.3`

Compare Source

`v5.3.2`

Compare Source

`v5.3.1`

Compare Source

`v5.3.0`

Compare Source

`v5.1.0`

Compare Source

`v5.0.0`

Compare Source

`v3.4.0`

Compare Source

`v3.3.0`

Compare Source

`v3.2.0`

Compare Source

`v3.1.0`

Compare Source

`v3.0.1`

Compare Source

`v3.0.0`

Compare Source

`v2.1.0`

Compare Source

`v2.0.1`

Compare Source

`v2.0.0`

Compare Source

`v1.4.0`

Compare Source

`v1.3.1`

Compare Source

`v1.3.0`

Compare Source

`v1.2.0`

Compare Source

`v1.1.0`

Compare Source

`v1.0.0`

Compare Source

`v0.6.2`

Compare Source

`v0.5.0`

Compare Source

`v0.4.0`

Compare Source

`v0.3.2`

Compare Source

`v0.3.1`

Compare Source

If you want to rebase/retry this PR, check this box

Update dependency express-jwt to v7

840f2a8

dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Mar 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency express-jwt to v7#90

Update dependency express-jwt to v7#90
dev-mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/express-jwt-7.x

dev-mend-for-github-com bot commented Mar 12, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dev-mend-for-github-com bot commented Mar 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dev-mend-for-github-com bot commented Mar 12, 2026 •

edited

Loading