jose dependency is vulnerable moderate

Hello,

yarn audit show this output jose dependency is vulnerable is it possible to upgrade or replace it ?


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ jose vulnerable to resource exhaustion via specifically      │
│               │ crafted JWE with compressed plaintext                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ jose                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.15.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ newman                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ newman > postman-runtime > jose                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1096835





Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

jose dependency is vulnerable moderate #3238

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

jose dependency is vulnerable moderate #3238

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions