botbuilder-python icon indicating copy to clipboard operation
botbuilder-python copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Use latest PyJWT

Open sdawodu opened this issue 2 years ago • 4 comments

Fixes #1837

Description

Changes calls of jwt.decode to stop using dropped verify parameter

sdawodu avatar Jul 12 '22 13:07 sdawodu

CLA assistant check
All CLA requirements met.

ghost avatar Jul 12 '22 13:07 ghost

I need this to avoid cve-2022-29217 with the old version of pyJWT. Can we get this merged?

adamzr avatar Sep 14 '22 01:09 adamzr

I need this to avoid cve-2022-29217 with the old version of pyJWT. Can we get this merged?

Some tests failed with this merge, we need input from the Microsoft team on Azure DEVOPS for more details. @axelsrz

alissonpelizaro avatar Sep 14 '22 01:09 alissonpelizaro

There are also conflicts that need to be resolved.

tracyboehrer avatar Sep 14 '22 14:09 tracyboehrer

@sdawodu Thanks. Apologies for the delay. We were required to turn off forked builds, which was keep me from merging this PR. I merged into another branch, and merged into main: https://github.com/microsoft/botbuilder-python/pull/1973

tracyboehrer avatar Oct 27 '22 18:10 tracyboehrer