Closed yakatz closed 2 years ago
@yakatz Thanks for bringing this to our attention. It looks like a method signature we use has changed, so this isn't a drop-in switch; we'll need to make some code changes. We'll try to get this updated soon.
Ok, it turned out to be a pretty minor change. With any luck we can update this tomorrow.
Hello. Could you fix this change with a tag so that composer with the value "stable" in the "minimum-stability" parameter could update the version?
@AaronAtDuo Please give at least some answer (
@Freemandns Sorry for the delay, I'm not a PHP packaging expert and don't fully follow what you're asking for. Do you need us to do a 1.0.1 release? Or do I need to update the composer files?
You don't need to change the composer.json, just release 1.0.1.
I should be able to do that next Tuesday.
Yes, yakatz correctly described what needs to be done. Thank you very much.
https://github.com/duosecurity/duo_universal_php/releases/tag/1.0.1
Hopefully that's what you needed, please let me know if there's anything more.
Thanks for using Duo!
The last step - do you have a process for posting the release on packagist? https://packagist.org/packages/duosecurity/duo_universal_php
Packagist had instructions for automatically updating there when you release on GitHub: https://packagist.org/about#how-to-update-packages
Thanks for the heads up. I've triggered the update, looks like it worked. Hopefully you're all set now.
Our automated dependency scanning doesn't like this package because it requires
"firebase/php-jwt": "^5.0"
which is the subject of CVE-2021-46743.While this is probably not actually a security issue, it would be great if this could be updated to
"firebase/php-jwt": "^6.0"
which is not "vulnerable".