Security
- Upgrade @auth0/auth0-spa-js to 1.22.6 #468 (ewanharris)
This patch release is identical to 1.12.0 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used by @auth0/auth0-spa-js.
Even though 1.22.5 of @auth0/auth0-spa-js was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency of @auth0/auth0-spa-js, we are cutting a release to ensure build tools no longer report our SDK's that use @auth0/auth0-spa-js as vulnerable to the mentioned CVE.