From 9f2c28955af82c3016d38c9837dbe626b8d1d80c Mon Sep 17 00:00:00 2001 From: debasishbsws Date: Wed, 6 Nov 2024 16:59:22 +0000 Subject: [PATCH 1/2] chore: Remove github.com/dgrijalva/jwt-go from replace as it is not getting used anywhere The module is not getting used anywhere but it is mentioned in the go.mod file and now it causing error when we try to update the github.com/golang-jwt/jwt/v4 which is getting used error: Signed-off-by: debasishbsws --- go.mod | 8 ++------ go.sum | 4 +++- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 8ae68b7c5c4..5d67128491b 100644 --- a/go.mod +++ b/go.mod @@ -40,6 +40,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.4 github.com/aws/aws-sdk-go-v2/service/sqs v1.34.3 github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 + github.com/beanstalkd/go-beanstalk v0.2.0 github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/denisenkom/go-mssqldb v0.12.3 @@ -117,7 +118,6 @@ require ( sigs.k8s.io/controller-tools v0.15.0 sigs.k8s.io/custom-metrics-apiserver v1.29.0 sigs.k8s.io/kustomize/kustomize/v5 v5.4.3 - github.com/beanstalkd/go-beanstalk v0.2.0 ) // Remove this when they merge the PR and cut a release https://github.com/open-policy-agent/cert-controller/pull/202 @@ -143,10 +143,6 @@ replace ( // we need a version with a proper license github.com/chzyer/logex => github.com/chzyer/logex v1.2.1 - // https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-26160 - github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.4.0 - github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.0 - // opentelemetry cannot update to 1.25.0 according to the dependencies of google.golang.org/grpc //go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc => go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.24.0 @@ -298,7 +294,7 @@ require ( github.com/mattn/go-runewidth v0.0.15 // indirect github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/mitchellh/mapstructure v1.5.0 github.com/moby/spdystream v0.2.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect diff --git a/go.sum b/go.sum index 5db432af5c9..a8a1b5ec09f 100644 --- a/go.sum +++ b/go.sum @@ -1023,6 +1023,7 @@ github.com/denisenkom/go-mssqldb v0.12.3 h1:pBSGx9Tq67pBOTLmxNuirNTeB8Vjmf886Kx+ github.com/denisenkom/go-mssqldb v0.12.3/go.mod h1:k0mtMFOnU+AihqFxPMiF05rtiDrorD1Vrm1KEz5hxDo= github.com/dennwc/varint v1.0.0 h1:kGNFFSSw8ToIy3obO/kKr8U9GZYUAxQEVuix4zfDWzE= github.com/dennwc/varint v1.0.0/go.mod h1:hnItb35rvZvJrbTALZtY/iQfDs48JKRG1RPpgziApxA= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= @@ -1157,7 +1158,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= -github.com/golang-jwt/jwt/v4 v4.4.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= From 708e59e2b78de3c5db3b46fa7840c61f16ba5c1d Mon Sep 17 00:00:00 2001 From: debasishbsws Date: Wed, 6 Nov 2024 17:17:02 +0000 Subject: [PATCH 2/2] Update the Vendor files Signed-off-by: debasishbsws --- vendor/modules.txt | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/vendor/modules.txt b/vendor/modules.txt index 07f8e3baa61..8d56f45367c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -702,7 +702,7 @@ github.com/gogo/protobuf/types # github.com/golang-jwt/jwt v3.2.2+incompatible ## explicit github.com/golang-jwt/jwt -# github.com/golang-jwt/jwt/v4 v4.5.0 => github.com/golang-jwt/jwt/v4 v4.5.0 +# github.com/golang-jwt/jwt/v4 v4.5.0 ## explicit; go 1.16 github.com/golang-jwt/jwt/v4 # github.com/golang-jwt/jwt/v5 v5.2.1 @@ -2909,8 +2909,6 @@ sigs.k8s.io/yaml/goyaml.v3 # k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 # k8s.io/metrics => k8s.io/metrics v0.29.7 # github.com/chzyer/logex => github.com/chzyer/logex v1.2.1 -# github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.4.0 -# github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.0 # golang.org/x/crypto => golang.org/x/crypto v0.25.0 # golang.org/x/net => golang.org/x/net v0.27.0 # golang.org/x/text => golang.org/x/text v0.16.0