Update crypto-js version from 4.1.1 to 4.2.0 #51903
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
the
|
Hi @amcasey. If this is not a tell-mode PR, please make sure to follow the instructions laid out in the servicing process document. |
|
An alternative would be to migrate from oidc-client, which is no longer maintained, to oidc-client-ts, which has already picked up the new |
|
Dup of #51813 |
|
Hi @amcasey. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update crypto-js
Update crypto-js version from 4.1.1 to 4.2.0
Customer Impact
https://nvd.nist.gov/vuln/detail/CVE-2023-46233
Regression?
[If yes, specify the version the behavior has regressed from]
Risk
Seems low since it's a minor version upgrade, but I don't actually know how crypto-js is used.
Verification
Packaging changes reviewed?