Replace github.com/dgrijalva/jwt-go because of security issue

infobloxopen / atlas-app-toolkit

This repository provides common Go utilities and helpers that are reusable from project-to-project. The goal is to prevent code duplication by encouraging teams to use and contribute to toolkit libraries. The toolkit is not a framework. Rather, it is a set of (mostly gRPC-related) plugins and helpers.

Apache License 2.0

99 stars 116 forks source link

Replace github.com/dgrijalva/jwt-go because of security issue #291

Closed danhruby closed 2 years ago

danhruby commented 3 years ago

github.com/dgrijalva/jwt-go has security issue (https://github.com/advisories/GHSA-w73w-5m7g-f7qc) and is recommended to replace the library with github.com/golang-jwt/jwt

rchowinfoblox commented 2 years ago

Fixed in master branch https://github.com/infobloxopen/atlas-app-toolkit/pull/318, merged in master branch https://github.com/infobloxopen/atlas-app-toolkit/commit/c87e65012ebb5df978dcf555e871ddd89b8aa34d tagged release https://github.com/infobloxopen/atlas-app-toolkit/releases/tag/v1.2.0

Fixed in v0 branch https://github.com/infobloxopen/atlas-app-toolkit/pull/319, merged in v0 branch https://github.com/infobloxopen/atlas-app-toolkit/commit/d3e5cabd276b16707124efbe282599aa3aa37ee2 tagged release https://github.com/infobloxopen/atlas-app-toolkit/releases/tag/v0.26.0