High severity vulnerability found in crypto-browserify

kndt84 / passport-cognito

Passport strategy for AWS Cognito User Pools

https://www.npmjs.com/package/passport-cognito

MIT License

78 stars 30 forks source link

High severity vulnerability found in crypto-browserify #24

Closed VarmaSANJAY closed 4 years ago

VarmaSANJAY commented 5 years ago

I am getting this security issue.

High severity vulnerability found in crypto-browserify Description: Insecure Randomness From: passport-cognito@0.1.13 > amazon-cognito-identity-js@1.31.0 > aws-sdk@2.177.0 > crypto-browserify@1.0.9

Please, consider to upgrade amazon-cognito-identity-js to 3.0.6

kndt84 commented 4 years ago

I've updated the packages in this PR https://github.com/kndt84/passport-cognito/pull/32