We are getting there is one high vulnerability related to jsonwebtoken and which is dependent package of ibmcloud-appid. ibmcloud-appid I have already upgraded to latest but still in package-lock.json jsonwebtoken version is 8.5.1. Here in vulnerability jsonwebtoken is recommend to upgrade version to 9.0.0. So how i can upgrade package-lock.json dependent package, as that is not present in package.json?
Asked
Active
Viewed 347 times
1 Answers
0
A new version of ibmcloud-appid with the fixed vulnerability will be released soon. Please keep an eye on the following issue for updates
https://github.com/ibm-cloud-security/appid-serversdk-nodejs/issues/286
Vladimir Atanasov
- 169
- 1
- 8