From fff481af48053bc381c5575180e4762632a0068d Mon Sep 17 00:00:00 2001
From: Yar Krvtsov
Date: Mon, 19 Jul 2021 10:19:35 +0300
Subject: [PATCH] Upgrade jwt library https://github.com/andygrunwald/go-jira/issues/343 https://github.com/dgrijalva/jwt-go has been abondoned (see https://github.com/dgrijalva/jwt-go/issues/462). In order to fix the vulnarability we have to switch to a community driven fork https://github.com/golang-jwt/jwt . The issue has been fixed in https://github.com/golang-jwt/jwt/pull/12
---
 go.mod | 2 +-
 go.sum | 4 ++--
 jira.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/go.mod b/go.mod
index c24091ef..c70857d7 100644
--- a/go.mod
+++ b/go.mod
@@ -3,8 +3,8 @@ module github.com/andygrunwald/go-jira
 go 1.12

 require (
- github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/fatih/structs v1.1.0
+ github.com/golang-jwt/jwt v3.2.1+incompatible
 github.com/google/go-cmp v0.5.6
 github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135
 github.com/pkg/errors v0.9.1
diff --git a/go.sum b/go.sum
index 31cc6303..c09a21dd 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
+github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135 h1:zLTLjkaOFEFIOxY5BWLFLwh+cL8vOBW4XJ2aqLE/Tf0=
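Review bot: The new `github.com/golang-jwt/jwt v3.2.1+incompatible` line in the go.mod hunk carries no record of why a fork replaces the original module, so a later dependency clean-up could bring `github.com/dgrijalva/jwt-go` back unnoticed. go.mod accepts `//` comments, so I would add `// fork of abandoned dgrijalva/jwt-go, see go-jira issue #343` on that require line. Because this swaps the upstream that supplies the JWT code, it is also worth confirming before merge that the two hashes added in the go.sum hunk were verified against the checksum database. The commit message says the fix is in golang-jwt/jwt pull 12 but does not show that v3.2.1 contains it, so that should be checked too. The require block continues past the end of the hunk, so any other consumers of the old module are not visible here.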
diff --git a/jira.go b/jira.go
index 784f34f7..7d7702bb 100644
--- a/jira.go
+++ b/jira.go
@@ -15,7 +15,7 @@ import (
 "strings"
 "time"

- "github.com/dgrijalva/jwt-go"
+ "github.com/golang-jwt/jwt"
 "github.com/google/go-querystring/query"
 "github.com/pkg/errors"
 )