Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate to github.com/golang-jwt/jwt #95

Closed
nikoksr opened this issue Oct 6, 2022 · 0 comments
Closed

Migrate to github.com/golang-jwt/jwt #95

nikoksr opened this issue Oct 6, 2022 · 0 comments

Comments

@nikoksr
Copy link

nikoksr commented Oct 6, 2022

Hi @kevinburke,

first of all thank you a whole lot for maintaing this project! We're successfully using this library in Notify. However, yesterday dependabot threw a security alert about a flaw in github.com/dgrijalva/jwt-go. We were able to backtrace the dependency graph to this library here.

Not sure if you're aware of this yet, so I just quickly wanted to let you know and check if you plan to replace this with, as recommended, https://github.com/golang-jwt/jwt. Of course, depending on the required effort, I'd be willing to help out with this too!

Best regards
kevinburke pushed a commit that referenced this issue Jul 16, 2024
@igagankalra @kevinburke
token,twilioclient: remove JWT functionality
7c99f93 
We do not want to have worry about vulnerabilities in JWT. I am not
sure that this code was ever in wide use. Users who have a continued
need for JWT can integrate their own code with this library.

Fixes #95.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nikoksr