Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump auth0-js to solve crypto-js vulnerability #2492

Merged
merged 1 commit into from
Nov 13, 2023
Merged

Bump auth0-js to solve crypto-js vulnerability #2492

merged 1 commit into from
Nov 13, 2023

Conversation

frederikprijck
Copy link
Member

Changes

Upgrading auth0-js to solve a vulnerability with crypto-js CVE-2023-46233

References

https://nvd.nist.gov/vuln/detail/CVE-2023-46233

#2479

Testing

Ran unit tests. Checking with CI for integration test.

@frederikprijck frederikprijck requested a review from a team as a code owner November 13, 2023 10:38
@codecov Codecov
Copy link

codecov bot commented Nov 13, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (7cc5872) 41.74% compared to head (36286cb) 41.74%.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #2492   +/-   ##
=======================================
  Coverage   41.74%   41.74%           
=======================================
  Files         120      120           
  Lines        3066     3066           
  Branches      332      332           
=======================================
  Hits         1280     1280           
  Misses       1694     1694           
  Partials       92       92

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@frederikprijck frederikprijck merged commit 8255d2e into master Nov 13, 2023
11 checks passed
@frederikprijck frederikprijck deleted the security/bump-auth0-js branch November 13, 2023 10:53
@frederikprijck frederikprijck mentioned this pull request Nov 13, 2023
Merged
frederikprijck added a commit that referenced this pull request Nov 13, 2023
@frederikprijck
Release v12.2.1 (#2493)
b6d76c0 
**Security**
- Bump auth0-js to solve crypto-js vulnerability
[\#2492](#2492)
([frederikprijck](https://github.com/frederikprijck))
This was referenced Aug 12, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevehobbsdev stevehobbsdev stevehobbsdev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@frederikprijck @stevehobbsdev