From aa2b8e05c2197dc92f60bbb45397381ad90ff728 Mon Sep 17 00:00:00 2001 From: lgtm <1gtm@users.noreply.github.com> Date: Sat, 9 Oct 2021 04:45:35 -0700 Subject: [PATCH] [cherry-pick] Fix jwt-go security vulnerability (#999) (#1006) /cherry-pick Signed-off-by: 1gtm <1gtm@appscode.com> --- go.mod | 4 +++- go.sum | 2 +- vendor/modules.txt | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 812d2cf59..d3478ca8b 100644 --- a/go.mod +++ b/go.mod @@ -127,6 +127,8 @@ replace sigs.k8s.io/application => github.com/kmodules/application v0.8.4-0.2021 replace github.com/satori/go.uuid => github.com/gofrs/uuid v4.0.0+incompatible -replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt v3.2.2+incompatible +replace github.com/dgrijalva/jwt-go => github.com/gomodules/jwt v3.2.2+incompatible replace github.com/form3tech-oss/jwt-go => github.com/form3tech-oss/jwt-go v3.2.5+incompatible + +replace github.com/golang-jwt/jwt => github.com/golang-jwt/jwt v3.2.2+incompatible diff --git a/go.sum b/go.sum index f13e14045..6c3d0149e 100644 --- a/go.sum +++ b/go.sum @@ -235,7 +235,6 @@ github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -251,6 +250,7 @@ github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk= +github.com/gomodules/jwt v3.2.2+incompatible/go.mod h1:cOm5eKP+RVgQveNVZfQ7ZEc5KPmk2F2i/JNDKlkzzDQ= github.com/gomodules/validate v0.19.8-1.16/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= diff --git a/vendor/modules.txt b/vendor/modules.txt index 128c881f4..3c8f1196a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -655,5 +655,6 @@ stash.appscode.dev/apimachinery/pkg/util # k8s.io/utils => k8s.io/utils v0.0.0-20201110183641-67b214c5f920 # sigs.k8s.io/application => github.com/kmodules/application v0.8.4-0.20210427030912-90eeee3bc4ad # github.com/satori/go.uuid => github.com/gofrs/uuid v4.0.0+incompatible -# github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt v3.2.2+incompatible +# github.com/dgrijalva/jwt-go => github.com/gomodules/jwt v3.2.2+incompatible # github.com/form3tech-oss/jwt-go => github.com/form3tech-oss/jwt-go v3.2.5+incompatible +# github.com/golang-jwt/jwt => github.com/golang-jwt/jwt v3.2.2+incompatible