Skip to content

Update auth0 dependencies to address CVE-2020-36518#66

Merged
jimmyjames merged 1 commit intomasterfrom
update-a0-deps
Mar 14, 2022
Merged

Update auth0 dependencies to address CVE-2020-36518#66
jimmyjames merged 1 commit intomasterfrom
update-a0-deps

Conversation

@jimmyjames
Copy link
Copy Markdown
Contributor

@jimmyjames jimmyjames commented Mar 14, 2022

Changes

This PR bumps the com.auth0 dependencies to latest versions. This addresses CVE-2020-36518 for the transient jackson-databind dependency.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518

@jimmyjames jimmyjames added this to the v1-Next milestone Mar 14, 2022
@jimmyjames jimmyjames requested a review from a team as a code owner March 14, 2022 19:35
@jimmyjames jimmyjames merged commit 44b5346 into master Mar 14, 2022
@jimmyjames jimmyjames deleted the update-a0-deps branch March 14, 2022 19:53
@jimmyjames jimmyjames modified the milestones: v1-Next, 1.5.0 Mar 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@evansims evansims evansims approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

CH: Changed CH: Security review:small Small review

Projects

None yet

Milestone

1.5.0

Development

Successfully merging this pull request may close these issues.

2 participants

@jimmyjames @evansims