Run a Snyk dependency scan on okta-auth-js@7.4.3 and you'll get a high vulnerability.
SDK Versions
okta-auth-js@7.4.3
Additional Information?
Looks like the latest version of broadcast-channel@5.3.0 uses rimraf@5.0.5 which uses glob@^10.3.7 which does not use inflight anymore. Upgrading should resolve this finding.
Describe the bug
Got a Snyk high vulnerability finding through:
@okta/okta-auth-js@7.4.3 > broadcast-channel@4.17.0 > rimraf@3.0.2 > glob@7.2.3 > inflight@1.0.6
Snyk Vuln Summary: https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Reproduction Steps?
Run a Snyk dependency scan on okta-auth-js@7.4.3 and you'll get a high vulnerability.
SDK Versions
okta-auth-js@7.4.3
Additional Information?
Looks like the latest version of broadcast-channel@5.3.0 uses rimraf@5.0.5 which uses glob@^10.3.7 which does not use inflight anymore. Upgrading should resolve this finding.