Bump fast-jwt for security fixes #137

Open
MisterJimson wants to merge 1 commit into anomalyco:master from MisterJimson:jason/cursor/bump-fast-jwt-security-fix

@MisterJimson

There are a few CVEs for fast-jwt. Bumping to resolved versions here. Let me know if there is any further testing I can perform to help verify. We've been using sst with fast-jwt overridden to this version already.

@netlify

netlify Bot commented Apr 8, 2026

Deploy Preview for sst-docs canceled.

Name Link
🔨 Latest commit dbfba01
🔍 Latest deploy log https://app.netlify.com/projects/sst-docs/deploys/69d69dd031bece00081cc7c5

@theodiablo theodiablo left a comment

Contributor

Yes, much needed! Thanks for raising @MisterJimson 🙏

We've also been flagged for this. Another CVE has been released (CVE-2026-44351) since this PR was opened; it's now recommended to upgrade to 6.2.4.

"esbuild": "0.18.13",
"express": "^4.18.2",
"fast-jwt": "^3.1.1",
"fast-jwt": "^6.2.0",
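
Review bot: on the `fast-jwt` line the range crosses three major versions (`^3.1.1` to `^6.2.0`), and nothing in the visible hunks shows that this package's token signing and verification were exercised against the new major. Before merging, check the calls into fast-jwt against the release notes of each major in between, and add or point to a test asserting that a token with a bad signature or an expired `exp` is still rejected after the bump.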

Suggested change
"fast-jwt": "^6.2.0",
"fast-jwt": "^6.2.4",

Comment thread packages/sst/package.json
"esbuild": "0.18.13",
"express": "^4.18.2",
"fast-jwt": "^5.0.5",
"fast-jwt": "^6.2.0",
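
Review bot: the lower bound of `^6.2.0` on the added `fast-jwt` line still admits 6.2.0 through 6.2.3, while the review on this PR recommends 6.2.4 because of CVE-2026-44351. Raise the range to `^6.2.4` so the manifest itself rules out the earlier patch releases instead of depending on whatever the lockfile happens to pin.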

Suggested change
"fast-jwt": "^6.2.0",
"fast-jwt": "^6.2.4",

Comment thread pnpm-lock.yaml
Comment on lines +6484 to +6485
fast-jwt@6.2.0:
resolution: {integrity: sha512-8HzL09abkCBIaZZSOhDP8re1ozSWa6297so2u46IbeE4zznVEbYX/WrlnZP8K9GCr7gT5uT1uMvOSNZAY86DBQ==}
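
Review bot: the `resolution` line ties this entry to one tarball through its `integrity` hash, so the version key and the hash must change together. If the target version moves, regenerate the lockfile with `pnpm install` after editing the manifests rather than editing either line by hand, so the hash recorded here is the one the registry serves for the resolved version.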

Suggested change
fast-jwt@6.2.0:
resolution: {integrity: sha512-8HzL09abkCBIaZZSOhDP8re1ozSWa6297so2u46IbeE4zznVEbYX/WrlnZP8K9GCr7gT5uT1uMvOSNZAY86DBQ==}
fast-jwt@6.2.4:
resolution: {integrity: sha512-IoQa53wI6TbARU2yelb0L44ggFQnP2qVcwswCSYHbCAWuwpr70icDb3QjG0v01I8Tt01rVGDkN/rRvpk0lKFTA==}

Comment thread pnpm-lock.yaml
fast-json-stable-stringify@2.1.0: {}

fast-jwt@5.0.6:
fast-jwt@6.2.0:

Suggested change
fast-jwt@6.2.0:
fast-jwt@6.2.4:

Comment thread pnpm-lock.yaml
Comment on lines +411 to +412
specifier: ^6.2.0
version: 6.2.0
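
Review bot: `version: 6.2.0` is what an install with a frozen lockfile actually fetches, whatever the caret range in `specifier` allows. If the manifests move to the 6.2.4 recommended in this thread, both lines here need regenerating as well, and a CI step that fails when the resolved fast-jwt version is below the patched release would catch a lockfile left behind.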

Suggested change
specifier: ^6.2.0
version: 6.2.0
specifier: ^6.2.4
version: 6.2.4
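
The review above asks for every fast-jwt entry to end up at 6.2.4. As an added example that is not part of this PR or of sst, the script below lists each fast-jwt version a pnpm-lock.yaml still resolves below that floor; the function names and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: not code from this PR or from sst.
// Constructed sample in the pnpm-lock.yaml key shape quoted in this thread;
// the integrity values are placeholders, not real hashes.
const SAMPLE_LOCK = `
packages:
  fast-json-stable-stringify@2.1.0:
    resolution: {integrity: sha512-PLACEHOLDER}
  fast-jwt@5.0.6:
    resolution: {integrity: sha512-PLACEHOLDER}
  fast-jwt@6.2.0:
    resolution: {integrity: sha512-PLACEHOLDER}
  fast-jwt@6.2.4-rc.1:
    resolution: {integrity: sha512-PLACEHOLDER}
  fast-jwt@6.2.4:
    resolution: {integrity: sha512-PLACEHOLDER}
snapshots:
  fast-jwt@6.2.0: {}
`;

// Compare the numeric x.y.z cores of two versions: <0, 0 or >0.
function compareCore(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Map of version -> {core, pre} for every "name@version" key in the lockfile.
// The key must start with the package name, so other "fast-*" packages never match.
function resolvedVersions(lockText, name) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const key = new RegExp(`^[ \\t]*['"]?${escaped}@((\\d+\\.\\d+\\.\\d+)(-[0-9A-Za-z.-]+)?)`, 'gm');
  const seen = new Map();
  for (const m of lockText.matchAll(key)) seen.set(m[1], { core: m[2], pre: Boolean(m[3]) });
  return seen;
}

// Versions below `floor` (a plain x.y.z). A prerelease of the floor itself,
// such as 6.2.4-rc.1, sorts before 6.2.4 in semver, so it is reported too.
function belowFloor(lockText, name, floor) {
  const out = [];
  for (const [version, v] of resolvedVersions(lockText, name)) {
    const c = compareCore(v.core, floor);
    if (c < 0 || (c === 0 && v.pre)) out.push(version);
  }
  return out;
}

console.log(belowFloor(SAMPLE_LOCK, 'fast-jwt', '6.2.4'));
```

In CI, read the real pnpm-lock.yaml into `lockText` and fail the job when `belowFloor` returns a non-empty list.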
