Commit 4a144a8

lizkenyon and claude committed
Update firebase/php-jwt to ^7.0 to fix security vulnerability
Resolves #454. The firebase/php-jwt ^5.2 || ^6.2 constraint is affected by security advisory GHSA-2x45-7fc3-mxwq (CVE-2025-45769), which prevents Composer from installing the library without warnings.

- Update firebase/php-jwt constraint to ^7.0
- Regenerate composer.lock on PHP 8.1 to maintain compatibility
- Update test secrets to meet v7 minimum HMAC key size (32 bytes)
- Extract test secrets into named constants for readability
- Fix broken packagist link in README

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 6591f32 commit 4a144a8

8 files changed

Lines changed: 753 additions & 556 deletions

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
66
and adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
77

88
## Unreleased
9+
- [#456](https://github.com/Shopify/shopify-api-php/pull/456) [Patch] Update firebase/php-jwt to ^7.0 to address security vulnerability (GHSA-2x45-7fc3-mxwq)
910

1011
## v6.1.0 - 2026-01-21
1112
- [#450](https://github.com/Shopify/shopify-api-php/pull/450) [Minor] Add support for 2026-01 API version
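
Review bot: The new Unreleased entry is tagged [Patch], but the same commit replaces the `^5.2 || ^6.2` constraint with `^7.0`, a major-version bump of a dependency, and the commit message says the test secrets had to be lengthened to meet the v7 minimum HMAC key size of 32 bytes. Someone reading only the changelog gets no hint of either. Consider stating in this entry that firebase/php-jwt 5.x and 6.x are no longer accepted and that v7 enforces a minimum HMAC key size, and re-check whether [Patch] is the right label for the release.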

README.md

Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,4 @@
1-
**Note:** We've released a new experimental package for PHP. Please read [rethinking our support for PHP & Python packages](https://community.shopify.dev/t/rethinking-support-for-php-python-packages/28325). The new PHP package supports the latest Shopify platform features and we'd love your feedback. Please see [shopify-app-php](packagist.org/packages/shopify/shopify-app-php) to get started.
1+
**Note:** We've released a new experimental package for PHP. Please read [rethinking our support for PHP & Python packages](https://community.shopify.dev/t/rethinking-support-for-php-python-packages/28325). The new PHP package supports the latest Shopify platform features and we'd love your feedback. Please see [shopify-app-php](https://packagist.org/packages/shopify/shopify-app-php) to get started.
22

33
# Shopify API Library for PHP
44
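
Review bot: The link fix on line 1 is unrelated to the dependency update, and bundling it into the security commit makes the fix harder to backport or revert on its own. Consider moving it to a separate commit. The corrected URL itself is right: without the `https://` scheme the Markdown link resolves as a relative path.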

composer.json

Lines changed: 1 addition & 1 deletion
@@ -27,7 +27,7 @@
2727
"ext-json": "*",
2828
"ext-mbstring": "*",
2929
"doctrine/inflector": "^2.0",
30-
"firebase/php-jwt": "^5.2 || ^6.2",
30+
"firebase/php-jwt": "^7.0",
3131
"guzzlehttp/guzzle": "^7.0",
3232
"guzzlehttp/psr7": "^2.0",
3333
"psr/http-client": "^1.0",
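
Review bot: Line 30 drops the `^5.2 || ^6.2` range entirely rather than widening it, so an application that requires firebase/php-jwt 5.x or 6.x itself, or through another package, will hit a Composer resolution conflict when it takes this release. If that is intended because the whole old range is affected by GHSA-2x45-7fc3-mxwq, say so in the upgrade notes. It is also worth confirming that the `php` constraint in this file, which the hunk does not show, still matches what php-jwt ^7.0 requires.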
