NPM still reports Vulnerabilities in Utils even though issues closed

[fhirfly]

the current npm install for the jsrasign-utils reports 2 high severity vulnz. It looks like the issues were fixed: #438
#411
But somehow the node audit hasn't pixed up the fix...

npm audit

npm audit report

jsrsasign <=8.0.16
Severity: high
Timing Attack - https://npmjs.com/advisories/1505
Improper Verification of Cryptographic Signature - https://npmjs.com/advisories/1541
fix available via npm audit fix --force
Will install [email protected], which is a breaking change

node_modules/jsrsasign-util/node_modules/jsrsasign
jsrsasign-util >=1.0.1
Depends on vulnerable versions of jsrsasign
node_modules/jsrsasign-util

How de we close these issues?

[kjur]

I've update jsrsasign-util dependencies like this:

        "jsrsasign": ">= 4.8.2",
        "jsonc-parser": ">= 0.0.1"

Then npm of jsrsasign-util 1.0.5 published.
Is this fix your issue?

[kjur]

I think it seems fine. This ticket will be closed.