Bump jsonwebtoken to 9.0.0
Closed this issue · 3 comments
fredrjoh commented
jsonwebtoken
8.5.1 has a security vulnerability: GHSA-27h2-hvpr-p74q. Please upgrade to 9.0.0.
moham96 commented
I would actually suggest moving to another library like jose
which works even on browsers
davidzhao commented
@fredrjoh thank you for the ping. this vulnerability does not impact us at the moment. nonetheless, we'll upgrade some of these dependencies shortly.
hugoArregui commented
I wanted to add one to this request since we are using this library and we are getting vulnerability reports because of the transient dependency of jsonwebtoken. Thanks!