Security issue: resolve GHSA-2c7c-3mj9-8fqh

[mikecook]

An attacker specifying a large "p2c" value can cause JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large amounts of CPU, causing a DoS.

Update package github.com/coreos/go-oidc to version that requires fixed version of go-jose. Note that github.com/square/go-jose is deprecated and has been replaced by github.com/go-jose/go-jose

commands run:

• go get -u github.com/coreos/go-oidc/v3@v3.9.0
• go mod tidy -go=1.16

see:

• https://github.com/advisories/GHSA-2c7c-3mj9-8fqh
• https://github.com/coreos/go-oidc/pull/399
• https://github.com/square/go-jose
• https://github.com/go-jose/go-jose

[mikecook]

@techknowlogick Can you please review.

[techknowlogick]

@mikecook thanks for ping/PR. I've just kicked off CI and once passes I'll be able to merge :)