Vonage / vonage-go-sdk

A lightweight library to help Go users everywhere integrate with the Vonage APIs. Issues and PRs all really welcome!!
https://vonage.github.io/vonage-go-sdk/
Apache License 2.0

refactor: use golang-jwt/jwt instead of dgrijalva/jwt-go #70

Closed novalagung closed 2 years ago

novalagung commented 2 years ago

Refer to CVE-2020-26160.

It's recommended to use github.com/golang-jwt/jwt instead of github.com/dgrijalva/jwt-go. The lib is backward compatible. It is actually the cloned version of dgrijalva's and is actively maintained.

abdulajet commented 2 years ago

Thanks for the PR @novalagung. I think we are missing a change in the jwt_test file?

novalagung commented 2 years ago

@abdulajet thanks for responding. I'll update the test and will ping you once it's ready.

novalagung commented 2 years ago

@abdulajet please retest. I pushed some updates.

The JWT lib is changed to github.com/golang-jwt/jwt@v3.2.1. That specific version includes an update that patches CVE-2020-26160.

moficodes commented 2 years ago

@novalagung thanks for the PR.