[Snyk] Fix for 3 vulnerabilities

[iamtheluckyest]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express-jwt

The new version differs by 12 commits.

• c4de5de 6.1.1
• 691fd6a Merge pull request #272 from ryanpcmcquen/prototype-pollution-vulnerability-fix
• 551bf40 Fix prototype pollution vulnerability.
• 354e1f8 6.1.0
• 3db0e6b Merge pull request #265 from pipeline1987/master
• 67bd3c4 upgrade express-unless dependency to v1.0.0
• 5cf9b0b Merge pull request #236 from auth0/dependabot/npm_and_yarn/lodash-4.17.19
• adf60bb Merge pull request #239 from auth0/update-changelog
• ed743a8 Updated changelog
• 61776e2 Bump lodash from 4.17.15 to 4.17.19
• 5fb8c88 Merge pull request #234 from gkwang/update-readme
• 43b7921 Update readme on 6.0.0 changes

See the full diff

Package name: jwks-rsa

The new version differs by 129 commits.

• 26e2fa3 Merge pull request #137 from auth0/davidpatrick-patch-1
• a9c179f Update package-lock.json
• 02d6e80 Release 1.8.0 (#136)
• 8cc9410 Added timeout with default value of 30s (#132)
• 1ec5217 Migrate from Request (#135)
• a3ba52e Allow JWT to not contain a "kid" value (#55)
• 398c05e Merge pull request #130 from auth0/prepare/1.7.0
• be9600a Release 1.7.0
• d0c5787 Merge pull request #129 from auth0/fix-linter-issues
• d122f08 fix linter issues
• 31177e3 Merge pull request #125 from Ogdentrod/feat/add-proxy
• 51d99e9 Merge branch 'master' into feat/add-proxy
• 5fc0f15 Merge pull request #128 from auth0/lbalmaceda-patch-1
• 6d304e5 Send the explicit commit SHA to Codecov
• 70efc54 Merge branch 'feat/add-proxy' of github.com:Ogdentrod/node-jwks-rsa into feat/add-proxy
• bc915d7 test: better testing for proxy
• 0988ccc Merge branch 'master' into feat/add-proxy
• b8ffdb6 Merge pull request #127 from auth0/add-ci
• 6663fc2 add badges to the README
• 7650ecb add CircleCI build and generate coverage
• c7c7ba5 feat: add proxy option to jwksClient
• 73a087d Merge pull request #123 from auth0/cacheChanges
• 17e83df Modify Cache Defaults
• 998a32d Merge pull request #121 from auth0/prepare-release

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)