Closed jdforsythe closed 3 months ago
Hi @jdforsythe, Thank you for the heads up! Our team has reviewed the twilio-node repository and don't see a semver dependency added here. Can you please share more details on where it is used?
Thanks, Athira
@AsabuHere You have a dependency on jsonwebtoken which, in turn, has a dependency on semver. The version they depend on is vulnerable.
Issue: https://github.com/auth0/node-jsonwebtoken/issues/905
PR for jsonwebtoken: https://github.com/auth0/node-jsonwebtoken/pull/919
Once a new version of jsonwebtoken is released with the dependency updated, you'll just need to update your dependency to a new version of jsonwebtoken.
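Added example, not part of the original comments and not twilio-node or jsonwebtoken code: one way to see which packages pull semver into an install is to walk the lockfile. It assumes npm's lockfile v2/v3 `packages` layout; the function names, the `my-app` root and every version number are constructed placeholders.

```javascript
// List every dependency chain in an npm lockfile (v2/v3 "packages" layout)
// that ends at a given package, with the copy each chain actually resolves to.

// Resolve `name` as required from the package installed at `fromPath`,
// walking up node_modules directories the way Node does.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

function findChains(lock, target) {
  const packages = lock.packages || {};
  const found = [];
  const seen = new Set(); // each installed package is expanded once
  const queue = [{ path: "", chain: [packages[""]?.name || "(root)"] }];
  while (queue.length) {
    const { path, chain } = queue.shift();
    if (seen.has(path)) continue;
    seen.add(path);
    const entry = packages[path] || {};
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    for (const [name, range] of Object.entries(deps)) {
      const hit = resolve(packages, path, name);
      if (!hit) continue;
      const next = [...chain, name];
      if (name === target) {
        found.push({ chain: next.join(" > "), range, version: packages[hit].version });
      }
      queue.push({ path: hit, chain: next });
    }
  }
  return found;
}

// Constructed lockfile fragment; all version numbers are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { twilio: "^0.0.0", semver: "^0.0.2" } },
    "node_modules/twilio": { version: "0.0.0", dependencies: { jsonwebtoken: "^0.0.0" } },
    "node_modules/jsonwebtoken": { version: "0.0.0", dependencies: { semver: "^0.0.1" } },
    "node_modules/jsonwebtoken/node_modules/semver": { version: "0.0.1" },
    "node_modules/semver": { version: "0.0.2" },
  },
};
console.log(findChains(sampleLock, "semver"));
```

In the constructed sample the top-level semver and the copy nested under jsonwebtoken resolve to different versions, so updating the direct dependency alone would leave the nested copy unchanged.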
Created a PR for this change. Thanks!