From 7796e56971f193d40b2bc5e1ee414108e16c04c2 Mon Sep 17 00:00:00 2001 From: nsfisis Date: Wed, 4 Feb 2026 22:40:59 +0900 Subject: chore(deps): update dependencies and pin JWT algorithm Update all dependencies to latest patch/minor versions. Explicitly specify HS256 algorithm in JWT verify to prevent algorithm confusion attacks. Co-Authored-By: Claude Opus 4.5 --- src/server/middleware/auth.ts | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/server/middleware/auth.ts b/src/server/middleware/auth.ts index bb85b35..3ddadd6 100644 --- a/src/server/middleware/auth.ts +++ b/src/server/middleware/auth.ts @@ -44,6 +44,7 @@ export async function authMiddleware(c: Context, next: Next) { const payload = (await verify( token, getJwtSecret(), + "HS256", )) as unknown as JWTPayload; const user: AuthUser = { -- cgit v1.3-1-g0d28