Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade jwt-decode from 3.1.2 to 4.0.0 #10411

Merged
merged 2 commits into from
Dec 13, 2023
Merged

[Snyk] Upgrade jwt-decode from 3.1.2 to 4.0.0 #10411

merged 2 commits into from
Dec 13, 2023

Conversation

rpt-uk-github
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade jwt-decode from 3.1.2 to 4.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 6 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2023-10-27.
Release notes
Package name: jwt-decode
  • 4.0.0 - 2023-10-27

    A new version of the library, including a couple of improvements:

    • No longer include a polyfill for atob, as this is supported in all major browsers (and node environments > 14).
    • Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
    • Use Node's atob when running on node.
    • Drop support for Node 14 and 16, add support for Node 20.
    • Add support for package.json's exports field, for better CJS/ESM support
    • Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
    • Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
    • Infer JwtPayload and JwtHeader default types from the header argument by using overloads.

    Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.

    Migration to v4.0.0

    The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:

    -import jwtDecodefrom "jwt-decode";
+import { jwtDecode } from "jwt-decode";
  • 4.0.0-beta.4 - 2023-09-05

    Breaking changes

    Fixed

  • 4.0.0-beta.3 - 2023-08-16

    Breaking changes

    Changed

  • 4.0.0-beta.2 - 2023-08-04

    Changed

    Fixed

    • Ensure types are bundled and correctly linked #174 (jonkoops)
  • 4.0.0-beta.1 - 2023-07-29

    Fixed

  • 4.0.0-beta.0 - 2023-07-28

    A new version of the library, including a couple of improvements:

    • No longer include a polyfill for atob, as this is supported in all major browsers (and node environments > 14).
    • Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
    • Use Node's atob when running on node.
    • Drop support for Node 14, add support for Node 20.
    • Add support for package.json's exports field, for better CJS/ESM support
    • Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
    • Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
    • Infer JwtPayload and JwtHeader default types from the header argument by using overloads.

    Additionally, this PR ensures the file size is decreased:

    • ESM and CJS decreased by 22%
    • UMD decreased by 37%

    Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.

  • 3.1.2 - 2020-11-16

    3.1.2

from jwt-decode GitHub release notes
Commit messages
Package name: jwt-decode

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Dec 13, 2023

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@willmcvay willmcvay merged commit 73568da into master Dec 13, 2023
13 checks passed
@willmcvay willmcvay deleted the snyk-upgrade-b51bac4e7e229b13c9f91614240aab5d branch December 13, 2023 07:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willmcvay willmcvay willmcvay approved these changes

Assignees
No one assigned
Labels
events-service
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rpt-uk-github @willmcvay @snyk-bot