Closed Twipped closed 4 months ago
The CVE has been withdrawn, so npm audit
is no longer failing.
Thanks @laurence-myers, was just about to comment the same thing. Thanks for raising @in15!
@stevehobbsdev might I suggest the project should still update to the latest superagent, anyway? Two major versions is a notable lag.
Checklist
Description
A new critical vulnerability was announced today in formidable 2.x, which is a dependency of superagent 7 and 8. Superagent needs to be updated to version 9 to get the new version of formidable which does not have this vulnerability.
See:
Reproduction
Run
npm audit
with auth0-js installed.Additional context
No response
auth0-js version
9.24.1
Which browsers have you tested in?
Other