-
Notifications
You must be signed in to change notification settings - Fork 309
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Updates for v3 #992
Labels
bug
This points to a verified bug in the code
Comments
Similarly, we're using auth0-deploy-cli which depends on v3 of this library, and just started getting an error due to this library's dependency on rest-facade. It looks like superagent has a PR to update its dependency on formidable, though it's unclear when that might flow through the whole dependency chain.
|
@bdukes this specific security vulnerability has been withdrawn: GHSA-8cp3-66vr-3r4c |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Checklist
Description
vm2, which is a transitive dependency of this library is deprecated due to security issues, and I am unable to upgrade to 4.x of this library in the short term due to other libraries blocking my upgrade path. Are there any forthcoming updates to the 3.x line of this library that will address security issues?
Reproduction
n/a
Additional context
No response
node-auth0 version
3.7.2
Node.js version
16.20.1
The text was updated successfully, but these errors were encountered: