boston2delhi / Conversations

A journey into the world of women in Delhi

Research and fix auth0-js security vulnerability #11

Open knod opened 6 years ago

knod commented 6 years ago
package-lock.json update suggested:
auth0-js ~> 8.12.0

Not sure what's requiring this, if we should update it or make a pull request on that originating package, or if the update will mess something else up. Research!

wacii commented 6 years ago

Auth0 is an authentication-as-a-service company. Probably included by Expo.

wacii commented 6 years ago

I looked at the available versions of the library and it looks like you have the latest version of 7 installed. So I guess they just abandoned that version? Which for a company dealing in authentication is...um, surprising.

knod commented 6 years ago

Issue filed with originating package creators. They say it's not important, but they'll deal with it soon anyway: https://github.com/expo/expo/issues/1156#event-1400713386