[PR #4748] [MERGED] jws bump #4748

Closed
opened 2026-02-22 18:36:27 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Mintplex-Labs/anything-llm/pull/4748
Author: @timothycarambat
Created: 12/9/2025
Status: Merged
Merged: 12/9/2025
Merged by: @timothycarambat

Base: masterHead: chore/bump-jsonwebtoken


📝 Commits (1)

📊 Changes

2 files changed (+654 additions, -86 deletions)

View changed files

📝 server/package.json (+4 -1)
📝 server/yarn.lock (+650 -85)

📄 Description

Pull Request Type

  • feat
  • 🐛 fix
  • ♻️ refactor
  • 💄 style
  • 🔨 chore
  • 📝 docs

Relevant Issues

resolves #xxx

What is in this change?

  • Bumps jws to 3.2.3 minimum across dependency graph to patch CVE-2025-65945

Required jws being >=4.0.1 || 3.2.3

jws is a transitive dep from mssql that currently uses 3.2.2 which we can resolution to 3.2.3 without breaking changes.

Before resolutions were used I did check to ensure that bumping mssql to the latest would still not fix the change. Even on the latest mssql this jws version still has a potential CVE

The aforementioned CVE does not effect us at all, but we can still bump to simply avoid it entirely as well as squash diffs of jws

Additional Information

Developer Validations

  • I ran yarn lint from the root of the repo & committed changes
  • Relevant documentation has been updated
  • I have tested my code functionality
  • Docker build succeeds locally

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Mintplex-Labs/anything-llm/pull/4748 **Author:** [@timothycarambat](https://github.com/timothycarambat) **Created:** 12/9/2025 **Status:** ✅ Merged **Merged:** 12/9/2025 **Merged by:** [@timothycarambat](https://github.com/timothycarambat) **Base:** `master` ← **Head:** `chore/bump-jsonwebtoken` --- ### 📝 Commits (1) - [`78db433`](https://github.com/Mintplex-Labs/anything-llm/commit/78db4337a6a58ba91aa08dffc69ecde08a1ecf1a) `jws` bump ### 📊 Changes **2 files changed** (+654 additions, -86 deletions) <details> <summary>View changed files</summary> 📝 `server/package.json` (+4 -1) 📝 `server/yarn.lock` (+650 -85) </details> ### 📄 Description ### Pull Request Type <!-- For change type, change [ ] to [x]. --> - [ ] ✨ feat - [ ] 🐛 fix - [ ] ♻️ refactor - [ ] 💄 style - [ ] 🔨 chore - [ ] 📝 docs ### Relevant Issues <!-- Use "resolves #xxx" to auto resolve on merge. Otherwise, please use "connect #xxx" --> resolves #xxx ### What is in this change? - Bumps `jws` to 3.2.3 minimum across dependency graph to patch CVE-2025-65945 Required jws being >=4.0.1 || 3.2.3 `jws` is a transitive dep from `mssql` that currently uses `3.2.2` which we can `resolution` to 3.2.3 without breaking changes. Before resolutions were used I did check to ensure that bumping mssql to the latest would _still_ not fix the change. Even on the latest `mssql` this `jws` version still has a potential CVE The aforementioned CVE does not effect us at all, but we can still bump to simply avoid it entirely as well as squash diffs of `jws` <!-- Describe the changes in this PR that are impactful to the repo. --> ### Additional Information <!-- Add any other context about the Pull Request here that was not captured above. --> ### Developer Validations <!-- All of the applicable items should be checked. --> - [ ] I ran `yarn lint` from the root of the repo & committed changes - [ ] Relevant documentation has been updated - [ ] I have tested my code functionality - [ ] Docker build succeeds locally --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-22 18:36:27 -05:00
yindo closed this issue 2026-02-22 18:36:27 -05:00
yindo changed title from [PR #4748] `jws` bump to [PR #4748] [MERGED] `jws` bump 2026-06-05 15:20:10 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#4748