From 17e92b0b397e8ecf0ade61924b5839bda2ff2771 Mon Sep 17 00:00:00 2001 From: Craig Johnston Date: Mon, 9 Aug 2021 09:31:49 -0700 Subject: [PATCH] fix for CVE-2020-26160 --- go.sum | 1 + token.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/go.sum b/go.sum index 6e7ef78..b6f8966 100644 --- a/go.sum +++ b/go.sum @@ -12,6 +12,7 @@ github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tj github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v1.0.2 h1:KPldsxuKGsS2FPWsNeg9ZO18aCrGKujPoWXn2yo+KQM= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= diff --git a/token.go b/token.go index b42ea5c..6df8b6c 100644 --- a/token.go +++ b/token.go @@ -7,7 +7,7 @@ import ( "net/http" "reflect" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt" "go.uber.org/zap" )