Bump jsonwebtoken from 9.0.1 to 9.0.2 (!145) · Merge requests · school / jaar2 / billy

Dependabot requested to merge dependabot-npm_and_yarn-jsonwebtoken-9.0.2 into master Aug 31, 2023

Bumps jsonwebtoken from 9.0.1 to 9.0.2.

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.

refactor: reduce library size by using lodash specific dependencies, closes #878.

Commits

bc28861 Release 9.0.2 (#935)
96b8906 refactor: use specific lodash packages (#933)
ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
See full diff in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

$dependabot rebase will rebase this MR
$dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Bump jsonwebtoken from 9.0.1 to 9.0.2

9.0.2 - 2023-08-30

Merge request reports