Closed cwperks closed 5 months ago
Here's the release notes from v5: https://github.com/panva/jose/releases/tag/v5.0.0
If v5 causes issues then this can also be upgraded to 4.15.5: https://www.npmjs.com/package/jose/v/4.15.5
@cwperks shall we wait until the CVE is actually published prior to merge?
It can be merged now. 4.11.2 is from a year ago and there have been many versions published since.
Description
Bump jose from 4.11.2 to 5.2.4
Addresses CVE-2024-28176
Category
Maintenance
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.