Upgrade omniauth from a vulnerable version

stevenkaras / omniauth-mailchimp

MailChimp OAuth2 strategies for omniauth

MIT License

3 stars 9 forks source link

Upgrade omniauth from a vulnerable version #5

Closed misterbyrne closed 3 years ago

misterbyrne commented 3 years ago

omniauth 1.9.1 is vulnerable to a high-severity CVE (CVE-2015-9284)

There were already 2 failing tests on master so I fixed these first, then upgraded the dependency. I had to fix some tests again because of the new Relative Root Apps support that was added in omniauth 2.0.0

misterbyrne commented 3 years ago

Closing in favour of https://github.com/stevenkaras/omniauth-mailchimp/pull/6 because of the confusing branch name