From 13c619d5b5ee9d23b262ce4a3b82684f818e398b Mon Sep 17 00:00:00 2001
From: Alexis Lee <alee@greshamtech.com>
Date: Thu, 10 May 2018 13:48:09 +0100
Subject: [PATCH] Update buddy-sign 1.3.0 -> 2.2.0

This updates buddy-core 1.1.1 -> 1.4.0,
which updates org.bouncycastle/bcprov-jdk15on 1.55 -> 1.58,
alleviating CVE-2016-1000341.

See https://www.bouncycastle.org/releasenotes.html section 2.4.4, search
for CVE-2016-1000341.

This is a major version upgrade because of the following incompatible
change:
    https://github.com/funcool/buddy-sign/issues/39
---
 ext/jwt/project.clj | 2 +-
 project.clj         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/jwt/project.clj b/ext/jwt/project.clj
index 098c1391..298d80d3 100644
--- a/ext/jwt/project.clj
+++ b/ext/jwt/project.clj
@@ -8,4 +8,4 @@
             :url "https://opensource.org/licenses/MIT"}
   :pedantic? :abort
   :dependencies [[yada/core ~VERSION]
-                 [buddy/buddy-sign "1.3.0"]])
+                 [buddy/buddy-sign "2.2.0"]])
diff --git a/project.clj b/project.clj
index 0a111552..2ffe4d58 100644
--- a/project.clj
+++ b/project.clj
@@ -53,7 +53,7 @@
      [org.clojure/core.async "0.3.442"]
      [cheshire "5.6.3"]
      [json-html "0.4.0" :exclusions [hiccups]]
-     [buddy/buddy-sign "1.3.0"]
+     [buddy/buddy-sign "2.2.0"]
      [commons-codec "1.10"]
      [metosin/ring-swagger "0.22.12" :exclusions [org.clojure/clojure]]
      [org.webjars/swagger-ui "2.2.6"]