Skip to content

v1.12.1
Compare
Choose a tag to compare
@auth0-oss auth0-oss released this 12 Jan 17:14
v1.12.1
2ee0e6e

Security

This patch release is identical to 1.12.0 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used by @auth0/auth0-spa-js.

Even though 1.22.5 of @auth0/auth0-spa-js was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency of @auth0/auth0-spa-js, we are cutting a release to ensure build tools no longer report our SDK's that use @auth0/auth0-spa-js as vulnerable to the mentioned CVE.

Assets 2
Loading