Upgrade `jose` to mitigate dependabot alert
RaphaelManke opened this issue · comments
Raphael Manke commented
Checklist
- The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
The currently referenced version of jose
should be upgraded to at least 4.15.5
due to a vulnerability.
In our (private) repo dependabot alerts on that.
"jose": "^4.9.2",
Reproduction
Additional context
No response
nextjs-auth0 version
3.5.0
Next.js version
Node.js version
20