Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/golang-jwt/jwt/v4 version to v4.4.3 #12564

Closed
Bjyothi2023 opened this issue Aug 9, 2023 · 2 comments
Closed

Bump github.com/golang-jwt/jwt/v4 version to v4.4.3 #12564

Bjyothi2023 opened this issue Aug 9, 2023 · 2 comments
Labels
bug post-processor/compress security Auto-pinning stage/accepted Confirmed, and intend to work on. No timeline commitment though.

Comments

@Bjyothi2023
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Overview of the Issue

Vulnerability "PRISMA-2022-0270" is reported in packer due to "github.com/golang-jwt/jwt/v4", and fix is available in v4.4.3

Reproduction Steps

Running any security scanner tool

Packer version

From 1.9.2
@Bjyothi2023 Bjyothi2023 added the bug label Aug 9, 2023
@nywilken nywilken added stage/accepted Confirmed, and intend to work on. No timeline commitment though. security Auto-pinning post-processor/compress labels Oct 17, 2023
@nywilken
Copy link
Contributor

Thanks for reporting this issue. The vulnerable package has been removed and the fix will be in the next Packer release.

@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 18, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug post-processor/compress security Auto-pinning stage/accepted Confirmed, and intend to work on. No timeline commitment though.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nywilken @Bjyothi2023