Skip to content

Update deps#209

Merged
carmenlau merged 3 commits into
authgear:mainfrom
tung2744:update-deps
May 27, 2026
Merged

Update deps#209
carmenlau merged 3 commits into
authgear:mainfrom
tung2744:update-deps

Conversation

@tung2744

Copy link
Copy Markdown
Contributor

No description provided.

Adds a Claude Code skill at .claude/skills/audit-deps/SKILL.md that
audits iOS (SPM) and RubyGems dependencies for known vulnerabilities,
upgrades safe ones automatically, and summarizes breaking-change blockers
for manual review.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fastlane 2.235.0 loosened its jwt constraint from <3 to <4, allowing
jwt to be upgraded to 3.2.0 which fixes the empty-key HMAC bypass
(CVE-2026-45363). Closes Dependabot alert authgear#23.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@carmenlau carmenlau merged commit a16f84d into authgear:main May 27, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants