Conversation

@amcasey
Member

@amcasey amcasey commented Nov 6, 2023

Update crypto-js

Update crypto-js version from 4.1.1 to 4.2.0

Customer Impact

https://nvd.nist.gov/vuln/detail/CVE-2023-46233

Regression?

  • Yes
  • No

[If yes, specify the version the behavior has regressed from]

Risk

  • High
  • Medium
  • Low

Seems low since it's a minor version upgrade, but I don't actually know how crypto-js is used.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@amcasey amcasey requested a review from a team as a code owner November 6, 2023 21:13
@ghost ghost added the area-blazor Includes: Blazor, Razor Components label Nov 6, 2023
@ghost ghost added this to the 7.0.x milestone Nov 6, 2023
@ghost

ghost commented Nov 6, 2023

Hi @amcasey. If this is not a tell-mode PR, please make sure to follow the instructions laid out in the servicing process document.
Otherwise, please add tell-mode label.

@amcasey
Member Author

amcasey commented Nov 6, 2023

An alternative would be to migrate from oidc-client, which is no longer maintained, to oidc-client-ts, which has already picked up the new crypto-js version.

@amcasey
Member Author

amcasey commented Nov 6, 2023

Dup of #51813

@amcasey amcasey closed this Nov 6, 2023
@ghost

ghost commented Nov 6, 2023

Hi @amcasey. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context.
