jsonwebtoken@9.0.0 > semver@7.3.8 vulnerability
KsenyaJSN opened this issue · 1 comment
KsenyaJSN commented
Vulnerable Dependency Information:
Package Name: jsonwebtoken
Vulnerable Version: 9.0.0
Dependency with ReDoS Vulnerability: semver@7.3.8
Vulnerability Severity: High
https://security.snyk.io/package/npm/semver
Fixed in jsonwebtoken v.9.0.2 (auth0/node-jsonwebtoken#921)
Ks89 commented
Hi @mikenicholson
This is an important vulnerability. This library should be updated quickly. It should be very easy to upgrade since v9.0.2 is a patch version and you are already using 9.0.0 on master.
Thanks