New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release/2.7 backport] remove github.com/dgrijalva/jwt-go #3465
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
github.com/Azure/azure-sdk-for-go 4650843026a7fdec254a8d9cf893693a254edd0b | ||
github.com/Azure/go-autorest eaa7994b2278094c904d31993d26f56324db3052 | ||
github.com/Azure/go-autorest 10e0b31633f168ce1a329dcbdd0ab9842e533fb5 | ||
github.com/sirupsen/logrus 3d4380f53a34dcdc95f0c1db702615992b38d9a4 | ||
github.com/aws/aws-sdk-go f831d5a0822a1ad72420ab18c6269bca1ddaf490 | ||
github.com/bshuster-repo/logrus-logstash-hook d2c0ecc1836d91814e15e23bb5dc309c3ef51f4a | ||
|
@@ -8,9 +8,9 @@ github.com/bugsnag/bugsnag-go b1d153021fcd90ca3f080db36bec96dc690fb274 | |
github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702 | ||
github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782 | ||
github.com/denverdino/aliyungo afedced274aa9a7fcdd47ac97018f0f8db4e5de2 | ||
github.com/dgrijalva/jwt-go a601269ab70c205d26370c16f7c81e9017c14e04 | ||
github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab | ||
github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21 | ||
github.com/form3tech-oss/jwt-go 9162a5abdbc046b7c8b03ee90052cee67e25caa7 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This commit looks to be matching v3.2.2; form3tech-oss/jwt-go@9162a5a...v3.2.2, which is missing a security fix in v3.2.4; form3tech-oss/jwt-go@v3.2.2...v3.2.4 (see https://github.com/form3tech-oss/jwt-go/tree/v3.2.4) |
||
github.com/garyburd/redigo 535138d7bcd717d6531c701ef5933d98b1866257 | ||
github.com/go-ini/ini 2ba15ac2dc9cdf88c110ec2dc0ced7fa45f5678c | ||
github.com/golang/protobuf 8d92cf5fc15a4382f8964b08e1f42a75c0591aa3 | ||
|
@@ -35,7 +35,7 @@ github.com/xenolf/lego a9d8cec0e6563575e5868a005359ac97911b5985 | |
github.com/yvasiyarov/go-metrics 57bccd1ccd43f94bb17fdd8bf3007059b802f85e | ||
github.com/yvasiyarov/gorelic a9bba5b9ab508a086f9a12b8c51fab68478e2128 | ||
github.com/yvasiyarov/newrelic_platform_go b21fdbd4370f3717f3bbd2bf41c223bc273068e6 | ||
golang.org/x/crypto c10c31b5e94b6f7a0283272dc2bb27163dcea24b | ||
golang.org/x/crypto 7f63de1d35b0f77fa2b9faea3e7deb402a2383c8 | ||
golang.org/x/net 4876518f9e71663000c348837735820161a42df7 | ||
golang.org/x/oauth2 045497edb6234273d67dbc25da3f2ddbc4c4cacf | ||
golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb | ||
|
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see updating Azure/go-autorest brings a substantial number of code changes (for a patch release).
If the bug is in this library, could we instead update just this library to a version with the fix? I see maintains a fork with the fix (IIUC), and we can specify it with a custom location (the equivalent to
replace
ingo.mod
);That would only bring the diff of the jwt-go package;
form3tech-oss/jwt-go@a601269...v3.2.4
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gave it a quick attempt; #3466
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not against using a replace if vndr can do that. Should we consider using the fork which the original repository now links to? https://github.com/golang-jwt/jwt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh! Arf... there's two forks now, and both being actively maintained? 😞
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated #3466 with a commit (allowing the differences between those forks to be reviewed)