Bump AspNet.Security.OAuth.Apple to 6.0.10 #9855
Conversation
Bump AspNet.Security.OAuth.Apple to 6.0.10 to resolve GHSA-3893-h8qg-6h5f.
Eilon
added
the
area-infrastructure
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
I think someone from your infra team will need to add this package to your internal mirror of NuGet.org. |
|
yap i asked @martincostello is already there going to rerun these |
|
@martincostello this fix will probabily only go to net7.rc2, do you want to make this against net6.0 we just shipped sr5, but if we have a sr6 it will be there |
|
I guess that depends what the use case for this is. If people regularly fork the repo/copy the code to produce applications from, then it's sort of propagating the problem further if not fixed at the source. It would be good to also patch the 6.0 branch if this package "ships" in some way via the sample. I sort of ended up here via looking at the package dependencies in GitHub and finding all these repos that have been forked from other people's templates that use this library:
The source of many of the forks is this enkodellc/blazorboilerplate repo, which already has a PR open with the fix: enkodellc/blazorboilerplate#922 |
|
Oh right, we don't ship this sorry, it's just on the sample app. |
Description of Change
Bump AspNet.Security.OAuth.Apple to 6.0.10 in the WebAuthenticator sample to resolve GHSA-3893-h8qg-6h5f.