Closed (tvanriper closed this issue 8 months ago)
Good spot! At the moment it's only being used for TypeScript types, so I imagine there would be less risk, but you're right, it's not ideal. We should be using @aws-sdk/types.
I'll push out a fix later this week.
I did notice that you only use the TypeScript types, which certainly should reduce problems. In my own attempt to address this and provide for you some sort of update, it feels like you won't need to provide some of the types you currently provide, as one can easily obtain them directly from @aws-sdk/client-cognito-identity-provider itself.
Unfortunately, I couldn't get the code to work (I suppose I still suck at JS and TS), so you're probably better off without my efforts, heh.
Resolved in v2.1.0
AWS has deprecated version 2 of the aws-sdk API this library uses, as announced here:
https://aws.amazon.com/blogs/developer/deprecation-schedule-for-aws-sdk-for-ruby-v2/
They have moved to a collection of APIs that start with '@aws-sdk' (version 3), as detailed here:
https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html
Consequently, any discovered security issues within version 2 of the aws-sdk will not be patched, which, for something like this that provides support for authentication, could be problematic.
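An added example, not part of the thread or the library's own code: one way to check whether a package's references to the deprecated v2 `aws-sdk` are type-only, as discussed above, and whether consumers still install it. The function names, verdict labels and sample inputs (including the `^2.0.0` range) are constructed for illustration.

```javascript
// Added example: classify how source files reference the deprecated v2 "aws-sdk" package.
const V2 = /^aws-sdk(\/|$)/; // "aws-sdk", "aws-sdk/clients/..."; never "@aws-sdk/..."

function classifyImports(source) {
  const findings = [];
  // import/export ... from '<module>', optionally "import type" (erased at compile time)
  const fromRe = /^[ \t]*(?:import|export)\s+(type\s+(?!from\b))?[^'";]*?\bfrom\s*['"]([^'"]+)['"]/gm;
  // require('<module>'), dynamic import('<module>'), side-effect import '<module>'
  const bareRe = /(?:\brequire\s*\(|\bimport\s*\(|^[ \t]*import\s+)\s*['"]([^'"]+)['"]/gm;
  for (const m of source.matchAll(fromRe)) {
    // A plain named import is dropped by tsc only if every binding is used purely as a
    // type, which a regex cannot see, so it is reported for manual review.
    if (V2.test(m[2])) findings.push({ module: m[2], kind: m[1] ? 'type-only' : 'value-or-type' });
  }
  for (const m of source.matchAll(bareRe)) {
    if (V2.test(m[1])) findings.push({ module: m[1], kind: 'runtime' });
  }
  return findings;
}

function auditManifest(pkg, findings) {
  const sections = ['dependencies', 'peerDependencies', 'optionalDependencies', 'devDependencies'];
  const section = sections.find((s) => pkg[s] && 'aws-sdk' in pkg[s]) || null;
  const typeOnly = findings.length > 0 && findings.every((f) => f.kind === 'type-only');
  let verdict = 'needs-review';
  if (!section && findings.length === 0) verdict = 'clean';
  else if (findings.some((f) => f.kind === 'runtime')) verdict = 'runtime-use';
  else if (typeOnly && section === 'devDependencies') verdict = 'types-only-dev';
  else if (typeOnly && section) verdict = 'types-only-installed-by-consumers';
  return { section, verdict };
}

// Constructed sample input (not taken from the library's repository).
const sampleSource = `
import type { CognitoIdentityServiceProvider } from 'aws-sdk';
import type { AttributeType } from '@aws-sdk/client-cognito-identity-provider';
`;
const samplePkg = { dependencies: { 'aws-sdk': '^2.0.0' } };
const legacySource = `const AWS = require('aws-sdk');\nimport S3 from 'aws-sdk/clients/s3';\n`;

console.log(auditManifest(samplePkg, classifyImports(sampleSource)));
console.log(classifyImports(legacySource));
```

A `types-only-installed-by-consumers` verdict means no v2 code runs, but the unmaintained package still lands in every consumer's dependency tree until the types come from an `@aws-sdk` package instead.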