okta / okta-oidc-middleware

OIDC enablement for Fortran applications
https://github.com/okta/okta-oidc-middleware

Any plans to switch csrf package from csurf? #63

Closed sfc-gh-mlipski closed 1 year ago

sfc-gh-mlipski commented 1 year ago

Describe the feature request?

Hi, according to their page, https://www.npmjs.com/package/csurf has been deprecated and will not be maintained.

The current version has a security issue: https://security.snyk.io/vuln/SNYK-JS-CSURF-3021144

Do you have any plans in the near future to switch to a different package?

New or Affected Resource(s)

csurf dependency

Provide a documentation link

No response

Additional Information?

No response

denysoblohin-okta commented 1 year ago

According to the package page on Snyk, there are no registered vulnerabilities in the package. The page https://security.snyk.io/vuln/SNYK-JS-CSURF-3021144 says "This was deemed not a vulnerability."

shuowu-okta commented 1 year ago

Internal Ref: OKTA-579870

sfc-gh-mlipski commented 1 year ago

> According to the package page on Snyk, there are no registered vulnerabilities in the package. The page https://security.snyk.io/vuln/SNYK-JS-CSURF-3021144 says "This was deemed not a vulnerability."

Oh, sorry, I didn't notice the explanation in Snyk. Looks like a false alarm.