Expo: auth0-js v7 security vulnerability

Created on 23 Dec 2017  路  3Comments  路  Source: expo/expo

I've gotten a warning from github that a package required by package-lock.json, auth0-js, had a security vulnerability at version 7. I found it required in the xdl package:

"xdl": {
      ...
      "requires": {
        ...
        "auth0-js": "7.6.1",

Github said:

package-lock.json update suggested:
auth0-js ~> 8.12.0

What can I do about this?

picture knod

Most helpful comment

hi there. this doesn't impact your app, it only impacts servers that use auth0-js, which xdl does not. nonetheless we will update auth0-js. thanks github for spamming everybody with this senseless notification ;)

picture brentvatne on 24 Dec 2017
👍3

All 3 comments

hi there. this doesn't impact your app, it only impacts servers that use auth0-js, which xdl does not. nonetheless we will update auth0-js. thanks github for spamming everybody with this senseless notification ;)

brentvatne picture brentvatne on 24 Dec 2017
👍3

so how do we fix this?

towfiqi picture towfiqi on 9 Feb 2018

@towfiqi It doesn't affect you as an app developer.

fxfactorial picture fxfactorial on 9 Feb 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dale-french picture dale-french  路  3Comments
mikadze picture mikadze  路  3Comments
muescha picture muescha  路  3Comments
rollymaduk picture rollymaduk  路  3Comments
pcooney10 picture pcooney10  路  3Comments