Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

all: bump jwt dependency to v4 due to the incompatiblity of v3 #14

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

scbizu
Copy link
Collaborator

@scbizu scbizu commented Mar 24, 2022

@scbizu scbizu requested review from jdolitsky and cbuto March 24, 2022 03:26
Copy link
Collaborator

@cbuto cbuto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This lgtm but I don’t think it will resolve the issue linked.

The issue is about the CVE associated with github.com/dgrijalva/jwt-go

@scbizu
Copy link
Collaborator Author

scbizu commented Mar 25, 2022

github.com/golang-jwt/jwt is the community clone version of github.com/dgrijalva/jwt-go , their tag list are the same before v3.2.0 , and we do not depend on github.com/dgrijalva/jwt-go according to the mod graph .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

chartMuseum binary contains High Vulnerable github.com/dgrijalva/jwt-go v3.2.0+incompatible library
2 participants