rwhitworth
commented
2 years ago Adding this to my downstream project's go.mod seems to have upgraded the library:
replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0Note that I do not claim to be a golang developer. This workaround may be incorrect. It seems to be working for now.
It looks like dgrijalva/jwt-go has been superseded by the golang-jwt/jwt library. The older 'dgrijalva' library has security vulnerabilities logged against it. Could this repo change to use the golang-jwt/jwt library in its place?