You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We can workaround it by using the version 6.2.0 of newman. It uses the postman-runtime@7.41.2 which uses jose@5.6.3 that doesn't have the vulnerability.
Hello,
yarn audit show this output jose dependency is vulnerable is it possible to upgrade or replace it ?
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ jose vulnerable to resource exhaustion via specifically │
│ │ crafted JWE with compressed plaintext │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ jose │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.15.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ newman │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ newman > postman-runtime > jose │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1096835
The text was updated successfully, but these errors were encountered: