-
Notifications
You must be signed in to change notification settings - Fork 493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Critical vulnerability in superagent dependency. #1424
Labels
bug
This points to a verified bug in the code
Comments
The CVE has been withdrawn, so |
Thanks @laurence-myers, was just about to comment the same thing. Thanks for raising @in15! |
@stevehobbsdev might I suggest the project should still update to the latest superagent, anyway? Two major versions is a notable lag. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Checklist
Description
A new critical vulnerability was announced today in formidable 2.x, which is a dependency of superagent 7 and 8. Superagent needs to be updated to version 9 to get the new version of formidable which does not have this vulnerability.
See:
Reproduction
Run
npm audit
with auth0-js installed.Additional context
No response
auth0-js version
9.24.1
Which browsers have you tested in?
Other
The text was updated successfully, but these errors were encountered: