Closed jfuginay closed 1 year ago
Closing this PR as changes have been made to twilio-node v4 release candidate.
This fix should be merged at least until such a time that the v4 release candidate is ready for production use.
We need this for v3 at least, please reopen
The MR I made is v3, with only the jsonwebtoken package upgraded. It passed all tests. An organization that cares about their users and their safety would merge this immediately.
This is taking too long and I have began refactoring our products to use aws sms.
On Thu, Jan 19, 2023 at 12:16 AM Sergio Utama @.***> wrote:
We need this for v3 at least, please reopen
— Reply to this email directly, view it on GitHub https://github.com/twilio/twilio-node/pull/885#issuecomment-1396594095, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACZ7S2SHXNPKD3H5CUTF4PDWTDZ4FANCNFSM6AAAAAATYQJKXI . You are receiving this because you authored the thread.Message ID: @.***>
-- J. Wylie
Fixes #884
Raises jsonwebtoken in package.json to 9.0.0 to move past the v8 with newly found security vulnerabilities.
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
Checklist
If you have questions, please file a support ticket, or create a GitHub Issue in this repository.