okta / okta-react-native

OIDC enablement for React Native applications
https://github.com/okta/okta-react-native

CVE in jsonpath-plus included through transitive dependencies #432

Open Cellule opened 5 days ago

Cellule commented 5 days ago

Describe the bug?

The package jsonpath-plus has a security vulnerability reported https://github.com/advisories/GHSA-pppg-cpfq-h7wr

This package is included transitively in this package through @okta/okta-auth-js

yarn why -R jsonpath-plus
└─ native@workspace:.
   └─ @okta/okta-react-native@npm:2.12.0 [87df7] (via npm:^2.12.0 [87df7])
      ├─ @okta/configuration-validation@npm:1.1.0 (via npm:^1.1.0)
      │  └─ @okta/okta-auth-js@npm:6.9.0 (via npm:^6.1.0)
      │     └─ jsonpath-plus@npm:6.0.1 (via npm:^6.0.1)
      └─ @okta/okta-auth-js@npm:7.5.0 (via npm:7.5.0)
         └─ jsonpath-plus@npm:6.0.1 (via npm:^6.0.1)

It was fixed and released in version 7.8.1 https://github.com/okta/okta-auth-js/issues/1544

What is expected to happen?

Both @okta/okta-react-native and @okta/configuration-validation need to update their @okta/okta-auth-js dependency to at least 7.8.1

I would report this issue in the repo for @okta/configuration-validation, but it seems it was archived and not relocated?! https://github.com/okta/okta-oidc-js#okta-oidc-js

What is the actual behavior?

Vulnerability detected

Reproduction Steps?

npm i @okta/okta-react-native
npm audit

Additional Information?

No response

SDK Version

N/A

Build Information

No response
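As an added example (not code from the issue or from the Okta SDK), the following Node script walks the `packages` map of an npm package-lock.json (lockfileVersion 2/3), prints every dependency path that reaches jsonpath-plus, and flags each installed copy of @okta/okta-auth-js that is older than the 7.8.1 fix named above. The lockfile fragment is constructed to mirror the `yarn why` tree in the report; the versions are the ones from the issue, the dependency ranges are assumptions.

```javascript
// Added example, not code from the issue or the Okta SDK: finds every path to jsonpath-plus in
// a package-lock.json "packages" map and flags @okta/okta-auth-js copies older than the fix.
const FIXED_AUTH_JS = "7.8.1"; // fix version named in the issue
// Constructed lockfile fragment mirroring the `yarn why` tree in the report; versions are
// the ones from the issue, the dependency ranges are assumptions.
const lock = { packages: {
  "": { dependencies: { "@okta/okta-react-native": "^2.12.0" } },
  "node_modules/@okta/okta-react-native": { version: "2.12.0", dependencies: {
    "@okta/configuration-validation": "^1.1.0", "@okta/okta-auth-js": "7.5.0" } },
  "node_modules/@okta/configuration-validation": { version: "1.1.0", dependencies: { "@okta/okta-auth-js": "^6.1.0" } },
  "node_modules/@okta/configuration-validation/node_modules/@okta/okta-auth-js": { version: "6.9.0", dependencies: { "jsonpath-plus": "^6.0.1" } },
  "node_modules/@okta/okta-auth-js": { version: "7.5.0", dependencies: { "jsonpath-plus": "^6.0.1" } },
  "node_modules/jsonpath-plus": { version: "6.0.1" },
} };
// Node-style resolution: the dependant's own node_modules first, then hoist up to the root.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed at all
    const idx = base.lastIndexOf("/node_modules/");
    base = idx < 0 ? "" : base.slice(0, idx);
  }
}
// Depth-first walk from the root; returns each chain (as "name@version" labels) ending at `target`.
function findPaths(lock, target) {
  const { packages } = lock, hits = [];
  const label = (p) => `${p.slice(p.lastIndexOf("node_modules/") + 13)}@${packages[p].version}`;
  const walk = (pkgPath, chain) => {
    for (const dep of Object.keys(packages[pkgPath].dependencies || {})) {
      const depPath = resolve(packages, pkgPath, dep);
      if (!depPath || chain.includes(depPath)) continue; // unresolved, or a cycle
      const next = [...chain, depPath];
      if (dep === target) hits.push(next.map(label));
      else walk(depPath, next);
    }
  };
  walk("", []);
  return hits;
}
// Numeric MAJOR.MINOR.PATCH comparison (pre-release tags ignored); negative when a < b.
const parseVer = (v) => v.split("-")[0].split(".").map(Number);
const cmpSemver = (a, b) => { const [x, y] = [parseVer(a), parseVer(b)]; return x[0] - y[0] || x[1] - y[1] || x[2] - y[2]; };
// Every installed copy of @okta/okta-auth-js that still predates the fix.
function outdatedAuthJs(lock) {
  return Object.entries(lock.packages)
    .filter(([p, n]) => p.endsWith("node_modules/@okta/okta-auth-js") && cmpSemver(n.version, FIXED_AUTH_JS) < 0)
    .map(([p, n]) => `${p}: ${n.version} < ${FIXED_AUTH_JS}`);
}
for (const chain of findPaths(lock, "jsonpath-plus")) console.log(chain.join(" > "));
for (const line of outdatedAuthJs(lock)) console.log(line);
```

To run it against a real project, replace the constructed `lock` with `JSON.parse(fs.readFileSync("package-lock.json"))`; both chains above disappear once each @okta/okta-auth-js copy resolves to 7.8.1 or later.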

jasonsemkohoag commented 1 day ago

Same experience, would be great to make these updates.