Package updates suggested by Dependabot: Orchard.AzureMediaServices and Orchard.OpenId #8786
Assignees
Comments
BenedekFarkas
added a commit
that referenced
this issue
Apr 18, 2024
#8787) * Updating Microsoft.IdentityModel.* packages from 5.2.4 to 5.7.0 * Updating OpenId packages from 4.0.0 to 4.2.2 to mach the version of Microsoft.Owin * Fixing assembly binding redirects in Orchard.Web/Web.config * OpenId: Updating Microsoft.IdentityModel.Tokens.* packages to version 5.7.0.0 to match Microsoft.IdentityModel.Tokens * OpenId: Updating Microsoft.IdentityModel.Protocols packages to 5.7.0.0 too * The return of System.Net.Http assembly binding redirects
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Can't (shouldn't) merge these individually due to warnings (errors) they generate, so updating and testing them in one go:
Our currently used versions (5.2.4) and most of the versions released since are affected by a medium-severity vulnerability. The current latest versions are 7.5.1, which is two major versions ahead, so we'll just upgrade to the suggested version (5.7.0) for now.
The text was updated successfully, but these errors were encountered: