Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: use golang-jwt/jwt to replace dgrijalva/jwt-go #1845

Merged
merged 2 commits into from
Oct 7, 2021
Merged

chore: use golang-jwt/jwt to replace dgrijalva/jwt-go #1845

merged 2 commits into from
Oct 7, 2021

Conversation

barn
Copy link
Contributor

@barn barn commented Oct 6, 2021

dgrijalva's jwt is no longer maintained. The golang-jwt says it is a drop in replacement for v4. This also fixes CVE-2020-26160 which possibly won't be fixed in dgrijalva's version.

also updates the use of github.com/bradleyfalzon/ghinstallation, which again, depended on the older library. Though that is a change of v1 to v2.

@barn
Migrate dgrijalva/jwt-go to golang-jwt/jwt/v4
362feaf 
dgrijalva's jwt is no longer maintained. The golang-jwt says it is a
drop in replacement for v4. This also fixes CVE-2020-26160 which
possibly won't be fixed in dgrijalva's version.
@barn
Update occurrences of bradleyfalzon/ghinstallation to v2
b997b56 
v2.0.3 pulls in golang-jwt/jwt over the now unmaintained
dgrijalva/jwt-go.
@barn barn requested a review from a team as a code owner October 6, 2021 23:49
@chenrui333 chenrui333 changed the title Migrate jwt go chore: use golang-jwt/jwt to replace dgrijalva/jwt-go Oct 7, 2021
@chenrui333
Copy link
Member

Thanks @barn!

@chenrui333 chenrui333 merged commit 070f517 into runatlantis:master Oct 7, 2021
krrrr38 pushed a commit to krrrr38/atlantis that referenced this pull request Dec 16, 2022
@barn @krrrr38
chore: use golang-jwt/jwt to replace dgrijalva/jwt-go (runatlantis#1845)
159f070 
* Migrate dgrijalva/jwt-go to golang-jwt/jwt/v4

dgrijalva's jwt is no longer maintained. The golang-jwt says it is a
drop in replacement for v4. This also fixes CVE-2020-26160 which
possibly won't be fixed in dgrijalva's version.

* Update occurrences of bradleyfalzon/ghinstallation to v2

v2.0.3 pulls in golang-jwt/jwt over the now unmaintained
dgrijalva/jwt-go.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenrui333 chenrui333 chenrui333 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@barn @chenrui333