jaynewstrom-stripe
commented
3 months ago Hi @benkay
This is on our list to update.
In the meantime, you can depend on a newer version directly in your build.gradle, which will transitively update the version, and no longer have a vulnerability listed.
Our security team flagged com.nimbusds:nimbus-jose-jwt as having a known vulnerability. Looks like the 3ds2 dependency depends on an old version (9.21).
I assume it's safe to force the latest version (9.40) ourselves, but it would be helpful if it was updated within this SDK so we can be sure there are no compatibility issues.