Replace github.com/dgrijalva/jwt-go with github.com/golang-jwt/jwt #186
Comments
razor-1
added a commit
to razor-1/apns2
that referenced
this issue
Sep 23, 2021
…show#186) chore: implement go modules
|
Is this going to get any attention, or is this project still maintained? Most vulnerability scanners now flag github.com/dgrijalva/jwt-go. |
Merged
sideshow
added a commit
that referenced
this issue
Mar 27, 2022
netrebel
added a commit
to life360/apns2
that referenced
this issue
Jul 18, 2023
…0.23.0 * Add iOS 15 payload additions (sideshow#185) * Add iOS 15 payload additions - Add interruption-level to payload interruption-level options: - passive - active (default if none is passed to apns) - time-sensitive - critical (requires Apple entitlement) - Add relevance-score to payload relevance-score is a number between 0 and 1 The highest score gets featured in the notification summary. * Update readme re iOS 15 features * Fix documentation typo Note that at the time of writing [Apple docs](https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/generating_a_remote_notification#2943360) have a typo, showing `time-senstive` as opposed to `time-sensitive`. Testing has shown that the correct spelling `time-sensitive` does indeed work. * Update builder.go Alphabetically order keys in struct as per @Singwai suggestion. * Allow relevance-score to be set to zero. * Updated to single InterruptionLevel function Co-authored-by: Chris Haines <chris.haines@braze.com> * Go modules support (sideshow#181) * Go Modules Support * Replace Travis with Github Actions (sideshow#190) * Replace Travis with Github Actions * Fix context timeout error * Add Github workflow badge * Add coverage to actions * Update jwt library (sideshow#191) - Resolves sideshow#186 - Resolves sideshow#187 - Resolves sideshow#189 * Use NewReader instead of NewBuffer (sideshow#193) * Add location push type (sideshow#194) * Add location push type * Fix Typo * Add InvalidPushType reason error code * Use type switch with assignment syntax (sideshow#196) * Use POST http constant (sideshow#203) * Use if type conditional (sideshow#198) In that case if type is much simpler and look better. * Simplify FromPemBytes conditional (sideshow#197) - Simplify logic. strings.HasSuffix can check both for suffix and for equality * Use NewRequestWithContext instead of nil checking (sideshow#200) * Use appropriate type cast functions (sideshow#199) * Use appropriate type cast functions * avoid fmt usage * Fix double pointer (sideshow#195) * Refactor request/response variable names (sideshow#205) r *Request is more consistent with n *Notification * Feature/updated http2 transport (sideshow#209) * Update http2 transport * Add ReadIdleTimeout for ping frames * Update defaults for TCP Keepalive * Revert "CF-153: Updating Log to print issuedAt (#7)" This reverts commit 69ea756. * Revert "CF-133: Adding PushTypeLocation (#6)" This reverts commit 3668879. * Reverting Using int64 for timestamp (8fac21d) * Changing module name * gitignore idea directory --------- Co-authored-by: Neil Morton <neil@progressconcepts.com> Co-authored-by: Chris Haines <chris.haines@braze.com> Co-authored-by: jbendotnet <2698840+jbendotnet@users.noreply.github.com> Co-authored-by: Adam Jones <adam@digirati.co.nz> Co-authored-by: Mikhail Faraponov <11322032+moredure@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
github.com/dgrijalva/jwt-go has security vulnerabilities (CVE-2020-26160) filed and is not a maintained library. github.com/golang-jwt/jwt is the community maintained one and has all security fixes
For more details you can look at dgrijalva/jwt-go#469
The text was updated successfully, but these errors were encountered: