Open Cellule opened 5 days ago
The package jsonpath-plus has a security vulnerability reported https://github.com/advisories/GHSA-pppg-cpfq-h7wr
This package is included transitively in this package through @okta/okta-auth-js
```
yarn why -R jsonpath-plus
└─ native@workspace:.
   └─ @okta/okta-react-native@npm:2.12.0 [87df7] (via npm:^2.12.0 [87df7])
      ├─ @okta/configuration-validation@npm:1.1.0 (via npm:^1.1.0)
      │  └─ @okta/okta-auth-js@npm:6.9.0 (via npm:^6.1.0)
      │     └─ jsonpath-plus@npm:6.0.1 (via npm:^6.0.1)
      └─ @okta/okta-auth-js@npm:7.5.0 (via npm:7.5.0)
         └─ jsonpath-plus@npm:6.0.1 (via npm:^6.0.1)
```
It was fixed and released in version 7.8.1 https://github.com/okta/okta-auth-js/issues/1544
Both @okta/okta-react-native and @okta/configuration-validation need to update their @okta/okta-auth-js dependency to at least 7.8.1
I would report this issue in the repo for @okta/configuration-validation but it seems it was archived and not relocated ?! https://github.com/okta/okta-oidc-js#okta-oidc-js
Vulnerability detected
```
npm i @okta/okta-react-native
npm audit
```
Same experience, would be great to make these updates.
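The check the issue performs by hand with `yarn why`, as an added example that is not part of the issue or of any Okta code: it walks a dependency tree and lists every chain that reaches `jsonpath-plus` through an `@okta/okta-auth-js` older than 7.8.1. The function names are hypothetical, the input is assumed to have the shape of `npm ls --all --json` output, and the sample tree is constructed from the `yarn why` output quoted above.

```javascript
const FIXED_AUTH_JS = "7.8.1"; // first fixed @okta/okta-auth-js release, per the issue

// Constructed sample tree, built from the `yarn why` output quoted in the issue.
const jsonpathLeaf = { "jsonpath-plus": { version: "6.0.1" } };
const sampleTree = {
  name: "native",
  dependencies: {
    "@okta/okta-react-native": {
      version: "2.12.0",
      dependencies: {
        "@okta/configuration-validation": {
          version: "1.1.0",
          dependencies: {
            "@okta/okta-auth-js": { version: "6.9.0", dependencies: jsonpathLeaf },
          },
        },
        "@okta/okta-auth-js": { version: "7.5.0", dependencies: jsonpathLeaf },
      },
    },
  },
};

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function lessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Walk the tree and return every chain that reaches jsonpath-plus through an
// @okta/okta-auth-js older than the fixed release. `authJs` carries the version
// of the nearest @okta/okta-auth-js ancestor, or null if there is none.
function findAffectedPaths(node, trail = [], authJs = null) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    const nearestAuthJs = name === "@okta/okta-auth-js" ? dep.version : authJs;
    if (name === "jsonpath-plus" && authJs && lessThan(authJs, FIXED_AUTH_JS)) {
      hits.push(here.join(" > "));
    }
    hits.push(...findAffectedPaths(dep, here, nearestAuthJs));
  }
  return hits;
}

console.log(findAffectedPaths(sampleTree).join("\n"));
```

An empty result after upgrading means no remaining chain pulls `jsonpath-plus` in through a pre-7.8.1 `@okta/okta-auth-js`; entries that npm marks as deduped carry no nested `dependencies`, so they are reported only where npm prints them in full.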