chore: require firebase/php-jwt v6 to force fix for key/algorithm type confusion#2398
chore: require firebase/php-jwt v6 to force fix for key/algorithm type confusion#2398alperendurmus wants to merge 1 commit intogoogleapis:mainfrom alperendurmus:patch-1
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
|
🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use Github's automerge feature with squashing, or use -- conventional-commit-lint bot |
|
@alperendurmus Thank you for your contribution. Please sign the CLA! |
|
Looks like we need to update the base version of a few other dependencies |
bshaffer
left a comment
There was a problem hiding this comment.
We will have to drop support for PHP 5.6 and 7.0 before we are able to make this change.
|
Done in #2431 |
Possibility of Reintroducing HS256/RSA256 Type Confusion (CVE-2021-46743)
firebase/php-jwt#351
GHSA-8xf4-w7qw-pjjw