Closed jagadish-m closed 2 years ago
Just run npm upgrade. This is a self healing process any user can run to update dependencies.
Thanks for your response.
Please help us here.
https://docs.npmjs.com/cli/v8/commands/npm-update/
I have no further advice. "npm update" to update transitive dependencies.
Also npm audit --fix
Describe the bug
Currently using the openid-client 5.1.8 and its dependent jose version is vulnerable version. https://github.com/advisories/GHSA-jv3g-j58f-9mq9
Please update the dependency package of openid-client so that the vulnerability fixed version of jose is picked up when installing openid-client package (npm i openid-client @latest)
updating the openid-client to the latest version didn't update the dependency
"openid-client": "^5.1.8", "openid-client": "^5.1.10",
Thank you