workos-node

cookie dep dependabot vulnerability

Open abhiaiyer91 opened this issue 4 months ago • 2 comments

Hi! We're required to clear all vulnerabilities on our repo. I noticed we got flagged for the cookie module and traced to

auth/workos → @workos-inc/[email protected][email protected][email protected]

I'll pnpm override it in Mastra but just wanted to let y'all know!

abhiaiyer91 Aug 29 '25 18:08

+1 - same vuln showing for us as well

geoffsoftledger Sep 02 '25 20:09

Hey! This is something we're working on. To drop support for iron-session@6, we'll need to drop support for Node 16 (which is way past EOL), but it will require a major version change on our side. We're working on getting this out and will have updates soon. Thanks!

nicknisi Sep 02 '25 20:09