Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update lcobucci/jwt (minor) #2155

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

lewiscowleschipuk
Copy link

Gets passed this snyk vulnerability report

@lewiscowleschipuk
Copy link
Author

lewiscowleschipuk commented Oct 22, 2021

With this PR:

npx snyk test --file=composer.json --file=composer.lock
npx: installed 1 in 2.21s

Testing /Users/lewiscowles01/Projects/jwt-auth...

Organization:      lewis.cowles
Package manager:   composer
Target file:       composer.lock
Project name:      tymon/jwt-auth
Open source:       no
Project path:      /Users/lewiscowles01/Projects/jwt-auth
Licenses:          enabled

✔ Tested 61 dependencies for known issues, no vulnerable paths found.

Tip: Detected multiple supported manifests (2), use --all-projects to scan all of them at once.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

Without:

npx snyk test --file=composer.json --file=composer.lock
npx: installed 1 in 3.184s

Testing /Users/lewiscowles01/Projects/jwt-auth...

✗ Medium severity vulnerability found in lcobucci/jwt
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-PHP-LCOBUCCIJWT-1726912
  Introduced through: lcobucci/[email protected]
  From: lcobucci/[email protected]
  Fixed in: 4.1.5, 4.0.4, 3.4.6



Organization:      lewis.cowles
Package manager:   composer
Target file:       composer.lock
Project name:      tymon/jwt-auth
Open source:       no
Project path:      /Users/lewiscowles01/Projects/jwt-auth
Licenses:          enabled

Tested 61 dependencies for known issues, found 1 issue, 1 vulnerable path.

Tip: Detected multiple supported manifests (2), use --all-projects to scan all of them at once.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant