From eeb4f8b8ff0abf6e12518486d02bdca6bb8d6e94 Mon Sep 17 00:00:00 2001 From: Craig Johnston Date: Fri, 6 Aug 2021 10:05:56 -0700 Subject: [PATCH] deps update for CVE-2020-26160 --- cmd/jwtpxy.go | 3 +-- go.mod | 1 + go.sum | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cmd/jwtpxy.go b/cmd/jwtpxy.go index d5c4523..d5bbdea 100644 --- a/cmd/jwtpxy.go +++ b/cmd/jwtpxy.go @@ -18,8 +18,7 @@ import ( "github.com/txn2/jwtpxy" - "github.com/dgrijalva/jwt-go" - + "github.com/golang-jwt/jwt" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" "github.com/prometheus/client_golang/prometheus/promhttp" diff --git a/go.mod b/go.mod index c0a5505..fac8df9 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.15 require ( github.com/dgrijalva/jwt-go v3.2.0+incompatible + github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/prometheus/client_golang v1.2.1 go.uber.org/zap v1.13.0 ) diff --git a/go.sum b/go.sum index d1cf213..6e7ef78 100644 --- a/go.sum +++ b/go.sum @@ -20,6 +20,9 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/golang-jwt/jwt v1.0.2 h1:Nj1npK0K5RnXGo1SxoOixRGAehIZ2326eXuca9gX9A4= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=