Skip to content

Commit

Permalink
Update buddy-sign 1.3.0 -> 2.2.0
Browse files Browse the repository at this point in the history 
This updates buddy-core 1.1.1 -> 1.4.0,
which updates org.bouncycastle/bcprov-jdk15on 1.55 -> 1.58,
alleviating CVE-2016-1000341.

See https://www.bouncycastle.org/releasenotes.html section 2.4.4, search
for CVE-2016-1000341.

This is a major version upgrade because of the following incompatible
change:
    funcool/buddy-sign#39
  • Loading branch information
@elzibubble
elzibubble committed May 10, 2018
1 parent c9c88d4 commit 13c619d
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion ext/jwt/project.clj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,4 @@
:url "https://opensource.org/licenses/MIT"}
:pedantic? :abort
:dependencies [[yada/core ~VERSION]
[buddy/buddy-sign "1.3.0"]])
[buddy/buddy-sign "2.2.0"]])
2 changes: 1 addition & 1 deletion project.clj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@
[org.clojure/core.async "0.3.442"]
[cheshire "5.6.3"]
[json-html "0.4.0" :exclusions [hiccups]]
[buddy/buddy-sign "1.3.0"]
[buddy/buddy-sign "2.2.0"]
[commons-codec "1.10"]
[metosin/ring-swagger "0.22.12" :exclusions [org.clojure/clojure]]
[org.webjars/swagger-ui "2.2.6"]
Expand Down

0 comments on commit 13c619d

Please sign in to comment.