Skip to content

Commit 27e82ae

Browse files
javierjuliojavierjulio
authored
Bump json-jwt to a min of 1.11.0 for security fix
Sourced from The GitHub Security Advisory Database. > Moderate severity vulnerability that affects json-jwt > The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. > Affected versions: < 1.11.0
1 parent acc8b5d commit 27e82ae

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

rack-oauth2.gemspec

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
1717
s.add_runtime_dependency 'httpclient'
1818
s.add_runtime_dependency 'activesupport'
1919
s.add_runtime_dependency 'attr_required'
20-
s.add_runtime_dependency 'json-jwt', '>= 1.9.0'
20+
s.add_runtime_dependency 'json-jwt', '>= 1.11.0'
2121
s.add_development_dependency 'rake'
2222
s.add_development_dependency 'simplecov'
2323
s.add_development_dependency 'rspec'

0 commit comments

Comments
 (0)