okta / okta-auth-js

The official js wrapper around Okta's auth API

Snyk High Vulnerability: SNYK-JS-INFLIGHT-6095116 through inflight@1.0.6 #1479

Closed mdowling17 closed 10 months ago

mdowling17 commented 10 months ago

Describe the bug

Got a Snyk high vulnerability finding through: @okta/okta-auth-js@7.4.3 > broadcast-channel@4.17.0 > rimraf@3.0.2 > glob@7.2.3 > inflight@1.0.6

Snyk Vuln Summary: https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

Reproduction Steps?

Run a Snyk dependency scan on okta-auth-js@7.4.3 and you'll get a high vulnerability.

SDK Versions

okta-auth-js@7.4.3

Additional Information?

Looks like the latest version of broadcast-channel@5.3.0 uses rimraf@5.0.5 which uses glob@^10.3.7 which does not use inflight anymore. Upgrading should resolve this finding.
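Added example (editor's code, not part of the issue and not okta-auth-js code): the chain in the report is exactly what you get by walking a `package-lock.json` from the project root to the flagged package, so the script below reproduces that walk offline, without Snyk or a network call. It handles npm's nested `node_modules` resolution (a package's own nested copy first, then each parent's, then the hoisted root copy) and guards against cycles. Both lockfiles are constructed for the example: the versions follow the issue text, the semver ranges inside them are assumptions, and the "after" tree is the shape the reporter's suggested upgrade would produce, with glob 10's own dependencies left out. `loadLock` and its path argument are a hypothetical convenience for running against a real file.

```javascript
// Added example: walk an npm package-lock.json (lockfileVersion 2 or 3, "packages" map)
// and list every dependency path from the project root to a target package, in the
// "a@1 > b@2 > c@3" form Snyk prints. The two lockfiles below are CONSTRUCTED for this
// example: the versions follow the issue text, the semver ranges are assumptions.

const CONSTRUCTED_LOCK_BEFORE = {
  name: "app",
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0", dependencies: { "@okta/okta-auth-js": "7.4.3" } },
    "node_modules/@okta/okta-auth-js": { version: "7.4.3", dependencies: { "broadcast-channel": "4.17.0" } },
    "node_modules/broadcast-channel": { version: "4.17.0", dependencies: { rimraf: "3.0.2" } },
    "node_modules/rimraf": { version: "3.0.2", dependencies: { glob: "^7.1.3" } },
    "node_modules/glob": { version: "7.2.3", dependencies: { inflight: "^1.0.4" } },
    "node_modules/inflight": { version: "1.0.6" },
  },
};

// Assumed shape of the tree after the upgrade the reporter suggests
// (broadcast-channel 5.3.0 -> rimraf 5.0.5 -> glob 10.x). glob 10's own dependencies are
// omitted because they do not matter for the check.
const CONSTRUCTED_LOCK_AFTER = {
  name: "app",
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0", dependencies: { "@okta/okta-auth-js": "7.5.0" } },
    "node_modules/@okta/okta-auth-js": { version: "7.5.0", dependencies: { "broadcast-channel": "5.3.0" } },
    "node_modules/broadcast-channel": { version: "5.3.0", dependencies: { rimraf: "5.0.5" } },
    "node_modules/rimraf": { version: "5.0.5", dependencies: { glob: "^10.3.7" } },
    "node_modules/glob": { version: "10.3.7" },
  },
};

// Package name from a lockfile key: everything after the last "node_modules/" (keeps scopes).
function nameOf(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// npm resolves a dependency the way Node does: a node_modules nested next to the requiring
// package first, then each parent's node_modules, up to the hoisted root copy.
function resolveDep(packages, fromKey, depName) {
  let base = fromKey;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${depName}` : `node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not in the lockfile at all
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Depth-first walk from the root entry (""), recording each chain that ends at `target`.
// onStack guards against cycles, which npm lockfiles can legitimately contain.
function findPathsTo(lock, target) {
  const pkgs = lock.packages;
  const results = [];
  function walk(key, chain, onStack) {
    const pkg = pkgs[key];
    if (!pkg || onStack.has(key)) return;
    onStack.add(key);
    for (const dep of Object.keys(pkg.dependencies || {})) {
      const depKey = resolveDep(pkgs, key, dep);
      if (!depKey) continue; // inconsistent lockfile: skip rather than guess
      const next = [...chain, `${nameOf(depKey)}@${pkgs[depKey].version}`];
      if (nameOf(depKey) === target) results.push(next.join(" > "));
      walk(depKey, next, onStack);
    }
    onStack.delete(key);
  }
  walk("", [], new Set());
  return results;
}

// CI-style gate: true when no path to the target package remains.
function isAbsent(lock, target) {
  return findPathsTo(lock, target).length === 0;
}

// Read a real lockfile from disk (hypothetical path argument; not used by the constructed demo).
function loadLock(path) {
  return JSON.parse(require("fs").readFileSync(path, "utf8"));
}

// Stand-alone run: print the reported chain, then confirm the upgraded tree has no inflight.
console.log(findPathsTo(CONSTRUCTED_LOCK_BEFORE, "inflight").join("\n"));
console.log("after upgrade, inflight absent:", isAbsent(CONSTRUCTED_LOCK_AFTER, "inflight"));
```

On the constructed "before" tree this prints the same chain the reporter pasted; on the "after" tree `isAbsent` returns true, which is the check worth putting in CI after bumping the SDK, since a Snyk finding on a transitive dependency only goes away when no resolution path to it is left in the lockfile, not merely when the direct dependency's version changes. Nested keys such as `node_modules/a/node_modules/b` are resolved by the same walk-up rule npm uses, so a copy pinned under one parent is found before the hoisted one.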

jaredperreault-okta commented 10 months ago

7.5.0 contains a fix for this. It will be released soon

https://github.com/okta/okta-auth-js/pull/1449

jaredperreault-okta commented 10 months ago

@mdowling17 7.5.0 was just released