CVE in jsonpath-plus included through transitive dependencies

[Cellule]

Describe the bug?

The package jsonpath-plus has a security vulnerability reported
GHSA-pppg-cpfq-h7wr

This package is included transitively in this package through @okta/okta-auth-js

yarn why -R jsonpath-plus
└─ native@workspace:.
   └─ @okta/okta-react-native@npm:2.12.0 [87df7] (via npm:^2.12.0 [87df7])
      ├─ @okta/configuration-validation@npm:1.1.0 (via npm:^1.1.0)
      │  └─ @okta/okta-auth-js@npm:6.9.0 (via npm:^6.1.0)
      │     └─ jsonpath-plus@npm:6.0.1 (via npm:^6.0.1)
      └─ @okta/okta-auth-js@npm:7.5.0 (via npm:7.5.0)
         └─ jsonpath-plus@npm:6.0.1 (via npm:^6.0.1)

It was fixed and released in version 7.8.1 okta/okta-auth-js#1544

What is expected to happen?

Both @okta/okta-react-native and @okta/configuration-validation need to update their @okta/okta-auth-js dependency to at least 7.8.1

I would report this issue in the repo for @okta/configuration-validation but it seems it was archived and not relocated ?! https://github.com/okta/okta-oidc-js#okta-oidc-js

What is the actual behavior?

Vulnerability detected

Reproduction Steps?

npm i @okta/okta-react-native
npm audit

Additional Information?

No response

SDK Version

N/A

Build Information

No response

[jasonsemkohoag]

Same experience, would be great to make these updates.

[atrinidad-hu]

same here, I'm waiting for the update, or does anyone know another way to fix it?

[arelstone]

please see this @rajdeepnanua-okta

Would be great to have this Critical 9.3 issue fixed!!

Please make this update as we are waiting for it