Merge pull request #442 from swrlab/dev/CVE-2022-23529

chore: update `jsonwebtoken` to mitigate CVE-2022-23529
swrlab · Dec 23, 2022 · ae345c5 · ae345c5
2 parents 4a5e91f + 63a2caa
commit ae345c5
Show file tree

Hide file tree

Showing 7 changed files with 146 additions and 174 deletions.
diff --git a/.github/workflows/ingest-pull.yml b/.github/workflows/ingest-pull.yml
@@ -37,10 +37,10 @@ jobs:
         run: yarn
 
       - name: 🔑 Setup Google Cloud Auth
-        uses: google-github-actions/setup-gcloud@v1
+        uses: google-github-actions/auth@v1
         with:
-          service_account_key: ${{ secrets.GCP_GITHUB_SERVICE_ACCOUNT_KEY }}
-          export_default_credentials: true
+          credentials_json: ${{ secrets.GCP_GITHUB_SERVICE_ACCOUNT_KEY }}
+          create_credentials_file: true
 
       - name: 📚 Lint Code
         run: yarn ingest:lint

diff --git a/.github/workflows/ingest-push.yml b/.github/workflows/ingest-push.yml
@@ -48,9 +48,6 @@ jobs:
           credentials_json: ${{ secrets.GCP_GITHUB_SERVICE_ACCOUNT_KEY }}
           create_credentials_file: true
 
-      - name: 🏗 Set up Cloud SDK
-        uses: google-github-actions/setup-gcloud@v1
-
       - name: 📚 Lint Code
         run: yarn ingest:lint
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.4.1] - 2022-12-23
+
+- chore: update `jsonwebtoken` to mitigate CVE-2022-23529
+
 ## [1.4.0] - 2022-11-24
 
 - chore: update express-openapi-validator to `v5`

diff --git a/openapi.json b/openapi.json
@@ -11,7 +11,7 @@
 			"name": "European Union Public License 1.2",
 			"url": "https://spdx.org/licenses/EUPL-1.2.html"
 		},
-		"version": "1.4.0"
+		"version": "1.4.1"
 	},
 	"externalDocs": {
 		"description": "ARD-Eventhub Documentation",

diff --git a/openapi.yaml b/openapi.yaml
@@ -10,7 +10,7 @@ info:
   license:
     name: European Union Public License 1.2
     url: "https://spdx.org/licenses/EUPL-1.2.html"
-  version: 1.4.0
+  version: 1.4.1
 externalDocs:
   description: ARD-Eventhub Documentation
   url: "https://swrlab.github.io/ard-eventhub/"

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "ard-eventhub",
-	"version": "1.4.0",
+	"version": "1.4.1",
 	"description": "ARD system to distribute real-time (live) metadata for primarily radio broadcasts.",
 	"main": "./src/ingest/index.js",
 	"engines": {
@@ -31,16 +31,16 @@
 	"dependencies": {
 		"@google-cloud/datastore": "^7.0.0",
 		"@google-cloud/pubsub": "^3.2.1",
-		"@google-cloud/secret-manager": "^4.1.4",
-		"@swrlab/utils": "^1.0.1",
+		"@google-cloud/secret-manager": "^4.2.0",
+		"@swrlab/utils": "^1.1.0",
 		"compression": "^1.7.4",
-		"dd-trace": "^3.8.0",
+		"dd-trace": "^3.9.3",
 		"dotenv": "^16.0.3",
 		"express": "4.18.2",
 		"express-openapi-validator": "^5.0.0",
-		"firebase-admin": "^11.3.0",
+		"firebase-admin": "^11.4.1",
 		"google-auth-library": "^8.7.0",
-		"jsonwebtoken": "^8.5.1",
+		"jsonwebtoken": "^9.0.0",
 		"moment": "^2.29.4",
 		"slug": "^8.2.2",
 		"swagger-ui-express": "^4.6.0",
@@ -53,13 +53,13 @@
 		"chai": "^4.3.7",
 		"chai-http": "^4.3.0",
 		"docsify-cli": "^4.4.4",
-		"eslint": "^8.28.0",
+		"eslint": "^8.30.0",
 		"eslint-plugin-chai-friendly": "^0.7.2",
 		"license-compliance": "^1.2.5",
-		"mocha": "^10.1.0",
+		"mocha": "^10.2.0",
 		"nodemon": "^2.0.20",
-		"prettier": "^2.8.0",
-		"typescript": "^4.9.3"
+		"prettier": "^2.8.1",
+		"typescript": "^4.9.4"
 	},
 	"resolutions": {
 		"ansi-regex": "^5.0.1",