search

Azure / azure-event-hubs-go

Golang client library for Azure Event Hubs https://azure.microsoft.com/services/event-hubs
MIT License
88 stars 69 forks source link

Any plan to update jwt-go v3.2.0 to a version that has fix for CVE-2020-26160 #258

Open sandeep-sks opened 2 years ago

sandeep-sks commented 2 years ago

Is there a plan to move away from jwt-go v3.2.0 dependency which has this vulnerability CVE-2020-26160 (CVE-2020-26160)

Expected Behavior

Patched version of dependencies or get rid of vulnerable dependencies that are not being maintained

Actual Behavior

A vulnerable version of dependency ( jwt-go v3.2.0)