fix replace block for golang-jwt/jwt/v4 to fix GHSA-29wx-vh33-7x7r

kedacore / keda

KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes

https://keda.sh

Apache License 2.0

8.56k stars 1.08k forks source link

Closed hectorj2f closed 4 days ago

hectorj2f commented 4 days ago

Provide a description of what has been changed

[x] I have verified that my change is according to the deprecations & breaking changes policy
[x] Commits are signed with Developer Certificate of Origin (DCO - learn more)

Fixes CVE GHSA-29wx-vh33-7x7r by removing any old dependencies github.com/dgrijalva/jwt-go and bumping github.com/golang-jwt/jwt/v4 to 4.5.1

JorTurFer commented 4 days ago

Hello Thanks for the PR, but we don't plan to ship any new version for v2.14. That vulnerability is already solved in v2.16