Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Microsoft.IdentityModel.Protocols.OpenIdConnect #325

Merged
merged 3 commits into from
Apr 26, 2024
Merged

Bump Microsoft.IdentityModel.Protocols.OpenIdConnect #325

merged 3 commits into from
Apr 26, 2024

Conversation

frederikprijck
Copy link
Member

@frederikprijck frederikprijck commented Apr 24, 2024
edited
Loading

Fix a Snyk issue regarding Microsoft.IdentityModel.Protocols.OpenIdConnect.

✗ Resource Exhaustion [Medium Severity][https://security.snyk.io/vuln/SNYK-DOTNET-MICROSOFTIDENTITYMODELJSONWEBTOKENS-6148656] in Microsoft.IdentityModel.JsonWebTokens@6.12.2
    introduced by Microsoft.IdentityModel.Protocols.OpenIdConnect@6.12.2 > System.IdentityModel.Tokens.Jwt@6.12.2 > Microsoft.IdentityModel.JsonWebTokens@6.12.2
  This issue was fixed in versions: 5.7.0, 6.34.0, 7.1.2
✗ Resource Exhaustion [Medium Severity][https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMIDENTITYMODELTOKENSJWT-[61](https://github.com/auth0/auth0-oidc-client-net/actions/runs/8821836705/job/24219430757?pr=324#step:11:62)48655] in System.IdentityModel.Tokens.Jwt@6.12.2
    introduced by Microsoft.IdentityModel.Protocols.OpenIdConnect@6.12.2 > System.IdentityModel.Tokens.Jwt@6.12.2
  This issue was fixed in versions: 5.7.0, 6.34.0, 7.1.2

Also bump Android to 32 to fix CI, which should be fine as it's the lowest supported version as per https://dotnet.microsoft.com/en-us/platform/support/policy/xamarin

@frederikprijck frederikprijck requested a review from a team as a code owner April 24, 2024 19:32
@frederikprijck frederikprijck mentioned this pull request Apr 24, 2024
Merged
4 tasks
@frederikprijck frederikprijck enabled auto-merge (squash) April 24, 2024 19:34
@frederikprijck
This is a combination of 6 commits.
fab7ac2 
Pin Android to API 32 to
@frederikprijck frederikprijck changed the title Bump Microsoft.IdentityModel.Protocols.OpenIdConnect Bump Android to API Level 32 Apr 25, 2024
@frederikprijck frederikprijck force-pushed the frederikprijck-patch-1 branch from b90285f to fab7ac2 Compare April 25, 2024 08:39
@frederikprijck frederikprijck force-pushed the frederikprijck-patch-1 branch from 989bab1 to fab7ac2 Compare April 25, 2024 18:44
@frederikprijck frederikprijck changed the title Bump Android to API Level 32 Bump Microsoft.IdentityModel.Protocols.OpenIdConnect Apr 25, 2024
@frederikprijck frederikprijck merged commit 6c897e9 into master Apr 26, 2024
4 checks passed
@frederikprijck frederikprijck deleted the frederikprijck-patch-1 branch April 26, 2024 08:38
@frederikprijck frederikprijck mentioned this pull request Jun 10, 2024
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevehobbsdev stevehobbsdev stevehobbsdev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@frederikprijck @stevehobbsdev