You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently jose@2.0.6 is in the master branch in this repository but a new release has not yet come out. I am getting npm audit issues from jwks-rsa@2.1.4 which still depends on jose@2.0.5.
When will a new release come?
The text was updated successfully, but these errors were encountered:
The jose version specified in the package for the current release is ^2.0.5 - which means you can install the latest 2.x jose release (eg 2.0.6) along with this package. So you should not be blocked by a release, updating your package-lock (by running npm audit --fix) will resolve your issue.
Hi @mboaventura - see #316 (comment) those CVE's are for other variants of jose. The variant of jose we use has been patched for the vulnerability you're specifying
Currently
jose@2.0.6
is in the master branch in this repository but a new release has not yet come out. I am getting npm audit issues fromjwks-rsa@2.1.4
which still depends onjose@2.0.5
.When will a new release come?
The text was updated successfully, but these errors were encountered: