❌ High severity vulnerability found in base64url
Description: Uninitialized Memory Exposure
Info: https://snyk.io/vuln/npm:base64url:20180511
Introduced through: @pusher/chatkit-server@0.12.1
From: @pusher/chatkit-server@0.12.1 > jsonwebtoken@8.2.1 > jws@3.1.4 > base64url@2.0.0
From: @pusher/chatkit-server@0.12.1 > jsonwebtoken@8.2.1 > jws@3.1.4 > jwa@1.1.5 > base64url@2.0.0
From: @pusher/chatkit-server@0.12.1 > jsonwebtoken@8.2.1 > jws@3.1.4 > jwa@1.1.5 > ecdsa-sig-formatter@1.0.9 > base64url@2.0.0
and 3 more...
Remediation:
~~Your dependencies are out of date, otherwise you would be using a newer version of base64url.
Try deleting node_modules, reinstalling and running snyk test again. If the problem persists,~~~ one of your dependencies may be bundling outdated modules.
What?
Suggested improvements
They fixed it this PR: https://github.com/auth0/node-jsonwebtoken/issues/465