[Snyk] Upgrade: express-promise-router, passport, passport-jwt, vue-router

[quocthinh78]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

express-promise-router
from 4.1.0 to 4.1.1 | 1 version ahead of your current version | 3 years ago
on 2021-11-30
passport
from 0.4.1 to 0.7.0 | 6 versions ahead of your current version | 10 months ago
on 2023-11-27
passport-jwt
from 4.0.0 to 4.0.1 | 1 version ahead of your current version | 2 years ago
on 2022-12-24
vue-router
from 3.5.1 to 3.6.5 | 9 versions ahead of your current version | 2 years ago
on 2022-09-06

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Session Fixation SNYK-JS-PASSPORT-2840631	454	No Known Exploit

Release notes

Package name: express-promise-router

• 4.1.1 - 2021-11-30
  

  Patch Changes

  • f72e317: Router handler functions now include all additional properties to aid discoverability of registered routes.
• 4.1.0 - 2021-03-21
  

  Minor Changes

  • c2f70e2: The handler function now uses the name of the original (wrapped) handler as its name to aid in debugging and tracing.

from express-promise-router GitHub release notes

Package name: passport

• 0.7.0 - 2023-11-27
  

  0.7.0

• 0.6.0 - 2022-05-20
  

  0.6.0

• 0.5.3 - 2022-05-16
  

  0.5.3

• 0.5.2 - 2021-12-16
  

  0.5.2

• 0.5.1 - 2021-12-15
  

  0.5.1

• 0.5.0 - 2021-09-23
  

  0.5.0

• 0.4.1 - 2019-12-09
  

  0.4.1

from passport GitHub release notes

Package name: passport-jwt

• 4.0.1 - 2022-12-24
  
  • Updates jsonwebtoken dependency to ^9.0.0 to address high severity
    vulnerability CVE-2022-3517
  • Updates a number of other dependencies
  • Fixes a number of typos

  [Developer facing]

  • Updates CI to use github actions
• 4.0.0 - 2018-03-13
  

  Fixes #147 - Vulnerability due to dependency on jsonwebtoken 7.x.x

from passport-jwt GitHub release notes

Package name: vue-router

• 3.6.5 - 2022-09-06
• 3.6.4 - 2022-08-25
• 3.6.3 - 2022-08-23
• 3.6.2 - 2022-08-23
• 3.6.1 - 2022-08-23
• 3.6.0 - 2022-08-22
• 3.5.4 - 2022-05-16
• 3.5.3 - 2021-10-26
• 3.5.2 - 2021-06-21
• 3.5.1 - 2021-01-26

from vue-router GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs