Open diegoholiveira opened 1 month ago
Hey @diegoholiveira Thanks for reporting this!
I will tackle this on this week!
Keep in mind that this vulnerability doesn't affect this lib since we use it to check if the JWT saved internally in the SDK is expired with the following code:
protected isJwtExpired(token: string): boolean {
const decoded = jwt.decode(token, { complete: true })
return decoded.payload.exp <= Math.floor(Date.now() / 1000)
}
I know that the npm audit report is reporting the vulnerability, but just to let you know that this is a fake positive
I'm getting a notification about security issues with the current version of
jsonwebtoken
.It would be nice to update it to a safe version.