Closed jankratochvilcz closed 3 years ago
Thanks for identifying this.
Please let me know how can I help here and at which point you could take a look into this further. Our CI is strict about high-severity vulnerabilities, so I could take a swing at migrating to the new library version as well. There are some non-specified breaking changes awaiting in v6 ref, but maybe they won't be a problem.
Let me know how you'd like to proceed here.
My plan for this library is to try updating the auth-library to v6 and run tests/sample. I don't believe there'd be any breakages, or if so they'd be minimal.
Thanks @Fleker, appreciate it! If you could give me a rough estimate of when you could take a look it'd help us plan on our side :-)
I hope to have an update before the week's end.
Appreciate the fast turnaround here, thanks!
Running
npm run audit
results in a high-severity vulnerabilityThe core issue appears to be the usage of an obsoleted version of the
"google-auth-library": "^5.10.1"
dependency which prevents us from updating thenode-forge
upstream dependency.