Bump version of "github.com/golang-jwt/jwt/v4" to v4.4.3

[Bjyothi2023]

Terraform Version

Terraform version 1.6.3

Terraform Configuration Files

NA

Debug Output

Security vulnerability "PRISMA-2022-0270" reported because of "github.com/golang-jwt/jwt/v4" version v4.4.2.
Fixed version available is v4.4.3
Requesting you to update "github.com/golang-jwt/jwt/v4" version from v4.4.2 to v4.4.3

Expected Behavior

Vulnerability scanner should not report PRISMA-2022-0270

Actual Behavior

Vulnerability scanner reporting PRISMA-2022-0270

Steps to Reproduce

By running twistlock security scanner over container installed with Terraform

Additional Context

No response

References

No response

[apparentlymart]

Hi @Bjyothi2023,

According to the upstream issue golang-jwt/jwt#258, this vulnerability report is invalid. The upstream maintainers suggest that the new release does not change anything material about the code and instead they've just clarified the documentation to reflect correct vs. incorrect usage of the library, and so upgrading alone would not be sufficient if there was a problem here.

For our part, we will review our usage of this library to ensure we are not using it in the incorrect way that issue discusses.