You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2021/05/21 18:23:00 UTC
[pulsar-client-go] branch master updated: update jwt-go dependency
to resolve vulnerabilities (#524)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-client-go.git
The following commit(s) were added to refs/heads/master by this push:
new 320b42c update jwt-go dependency to resolve vulnerabilities (#524)
320b42c is described below
commit 320b42ca08eb2c1fdc53f16a683dda6b0693857d
Author: xdingsplk <84...@users.noreply.github.com>
AuthorDate: Fri May 21 14:21:40 2021 -0400
update jwt-go dependency to resolve vulnerabilities (#524)
Co-authored-by: Edward Ding <xd...@splunk.com>
---
go.sum | 2 ++
oauth2/auth.go | 2 +-
oauth2/go.mod | 2 +-
oauth2/go.sum | 2 ++
4 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/go.sum b/go.sum
index a14857b..673c126 100644
--- a/go.sum
+++ b/go.sum
@@ -33,6 +33,8 @@ github.com/dimfeld/httptreemux v5.0.1+incompatible h1:Qj3gVcDNoOthBAqftuD596rm4w
github.com/dimfeld/httptreemux v5.0.1+incompatible/go.mod h1:rbUlSV+CCpv/SuqUTP/8Bk2O3LyUV436/yaRGkhP6Z0=
github.com/dvsekhvalnov/jose2go v0.0.0-20200901110807-248326c1351b h1:HBah4D48ypg3J7Np4N+HY/ZR76fx3HEUGxDU6Uk39oQ=
github.com/dvsekhvalnov/jose2go v0.0.0-20200901110807-248326c1351b/go.mod h1:7BvyPhdbLxMXIYTFPLsyJRFMsKmOZnQmzh6Gb+uquuM=
+github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
+github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
diff --git a/oauth2/auth.go b/oauth2/auth.go
index 69c2085..dc09e11 100644
--- a/oauth2/auth.go
+++ b/oauth2/auth.go
@@ -22,7 +22,7 @@ import (
"time"
"github.com/apache/pulsar-client-go/oauth2/clock"
- "github.com/dgrijalva/jwt-go/v4"
+ "github.com/form3tech-oss/jwt-go"
"golang.org/x/oauth2"
)
diff --git a/oauth2/go.mod b/oauth2/go.mod
index 153a415..091477d 100644
--- a/oauth2/go.mod
+++ b/oauth2/go.mod
@@ -4,7 +4,7 @@ go 1.13
require (
github.com/99designs/keyring v1.1.6
- github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1
+ github.com/form3tech-oss/jwt-go v3.2.3+incompatible
github.com/onsi/ginkgo v1.14.0
github.com/onsi/gomega v1.10.1
github.com/pkg/errors v0.9.1
diff --git a/oauth2/go.sum b/oauth2/go.sum
index c75f53a..a0c6f9d 100644
--- a/oauth2/go.sum
+++ b/oauth2/go.sum
@@ -13,6 +13,8 @@ github.com/dvsekhvalnov/jose2go v0.0.0-20180829124132-7f401d37b68a h1:mq+R6XEM6l
github.com/dvsekhvalnov/jose2go v0.0.0-20180829124132-7f401d37b68a/go.mod h1:7BvyPhdbLxMXIYTFPLsyJRFMsKmOZnQmzh6Gb+uquuM=
github.com/dvsekhvalnov/jose2go v0.0.0-20200901110807-248326c1351b h1:HBah4D48ypg3J7Np4N+HY/ZR76fx3HEUGxDU6Uk39oQ=
github.com/dvsekhvalnov/jose2go v0.0.0-20200901110807-248326c1351b/go.mod h1:7BvyPhdbLxMXIYTFPLsyJRFMsKmOZnQmzh6Gb+uquuM=
+github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
+github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=