influxdata / ui

UI for InfluxDB

chore(deps): Pin auth0 superagent version #6903

Open abshierjoel opened 1 week ago

abshierjoel commented 1 week ago

Part of #1980

There is a vulnerability with superagent on versions before 9.X which results in the following warning:

warning auth0-js > superagent@7.1.6: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net

Superagent is a sub-dependency of auth0/auth0.js, which has not updated to a recent version. Superagent has not had a breaking change since v6 and everything looks to be good with Auth0. I have opened a PR with Auth0 to hopefully resolve the issue: auth0/auth0.js#1445. But in the meantime, I think we should pin the version, as we've done for qs. Movement in that repo appears to be very slow.

Checklist

Authors and Reviewer(s), please verify the following: