Security vulnerability
# support-questions-legacyc
chunkygoo.
12/22/2022, 8:02 PMSecurity vulnerability
chunkygoo.
12/22/2022, 8:03 PMn
nkshah2
12/23/2022, 3:44 AMThanks well take a look
c
chunkygoo.
01/05/2023, 3:29 AM@rp_st
chunkygoo.
01/05/2023, 3:29 AMCan you clarify what you mean "The fix to this involves updating jsonwebtoken to 9.0.0 which doesn't support versions of node below 11. This would have been fine, except that we are not using the verify function from jsonwebtoken package."?
r
rp_st
01/05/2023, 4:05 AMIt means we will not update the dependency of that library. Cause the function that’s vulnerable isn’t used by us anyway.
rp_st
01/05/2023, 4:05 AMSo the vulnerability pointed out by npm run audit doesnt apply to us
c
chunkygoo.
01/05/2023, 4:24 AMSo the vulnerability isn't really a vulnerability?
chunkygoo.
01/05/2023, 4:25 AMAnd the reason to not update the dependency is because updating it would discontinue the support for node versions below 11?
r
rp_st
01/05/2023, 4:26 AMYes. Correct.
8 Views