Closed SargisPlusPlus closed 4 months ago
Hi @SargisPlusPlus,
Thanks for flagging this issue. After reviewing it:
pkce-challenge@3.0.0 relies on crypto-js: "^4.1.1" as a dependency, which should automatically update to crypto-js@4.2.0, fixing the vulnerability.
Additionally, pkce-challenge isn't directly impacted by the PBKDF2 vulnerability as it doesn't use it anywhere.
I will be closing this issue for now. Please reply if you have further questions.
It appears that pkce-challenge v3.0.0 uses crypto-js v4.1.1. Crypto-js v4.1.1 has known vulnerabilities.
It appears that the latest version of pkce-challenge addresses the vulnerabilities.
Please upgrade crypto-js or pkce-challenge to the latest version.
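
Added example, not code from the pkce-challenge project or from either commenter: the range ^4.1.1 discussed in the thread admits crypto-js 4.2.0, but npm installs whatever version an existing package-lock.json recorded, so this checks both the range and the pinned copies. The lockfile fragment and the function names are constructed for illustration, and versions are assumed to be plain x.y.z.

```javascript
// Added example: constructed data, not taken from the pkce-challenge repository.
const parse = (v) => v.split(".").map(Number);

// Compare two x.y.z versions: negative, zero or positive.
function cmp(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Caret range for major >= 1: same major, and at least the stated version.
function caretAllows(range, version) {
  const base = range.replace(/^\^/, "");
  return parse(base)[0] === parse(version)[0] && cmp(version, base) >= 0;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3)
// and return every installed copy of `name` older than `fixed`.
function staleCopies(lock, name, fixed) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => cmp(meta.version, fixed) < 0)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed lockfile fragment: an install made before 4.2.0 was published.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/pkce-challenge": { version: "3.0.0" },
    "node_modules/crypto-js": { version: "4.1.1" },
  },
};

console.log(caretAllows("^4.1.1", "4.2.0"));
console.log(staleCopies(sampleLock, "crypto-js", "4.2.0"));
```

To use it on a real project, pass the parsed contents of its package-lock.json in place of the constructed `sampleLock`.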