fix: jwt dependency upgrade

IBM / go-sdk-core

The go-sdk-core repository contains core functionality required by Go code generated by the IBM OpenAPI SDK Generator.

Apache License 2.0

30 stars 24 forks source link

fix: jwt dependency upgrade #81

Closed christiancompton closed 3 years ago

christiancompton commented 3 years ago

This upgrade changes the dgrijalva/jwt-go v3.2.0 to use form3tech-oss/jwt-go v3.2.1, a fork which as addressed the high severity security vulnerability.

There has been a lot of conversation about this fix in https://github.com/dgrijalva/jwt-go/issues/428, but this project is not maintained by its authors and a fix to this project seems unlikely given this conversation.

ibm-devx-automation commented 3 years ago

:tada: This PR is included in version 4.7.1 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: