Migrate to golang-jwt #1121
Labels
Comments
|
Hi @senorprogrammer , the link for the dependabot report is broken so I am unable to see which CVE is mentioned. Also, can you point me to Contributions doc on how to raise PR for any issue, also build tests etc. PS: New to contributions in general and go modules. |
|
It's this one GHSA-w73w-5m7g-f7qc And to contribute, create a PR with the changes and make sure the existing tests pass 🙂 If you need any help with Go or tooling, feel free to ask on this issue, or in the Slack channel. |
siddhant94
pushed a commit
to siddhant94/wtf
that referenced
this issue
Oct 17, 2021
Replace transitive dependency of dgrijalva/jwt-go to golang-jwt/jwt to mitigate auth bypass (CVE-2020-26160)
Merged
|
I have raised the PR. Let me know if something else needs to be done here. |
senorprogrammer
pushed a commit
that referenced
this issue
Oct 21, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What should it do?
Migrate from
jwt-gotogolang-jwtbecause of security issues.See this report for details https://github.com/wtfutil/wtf/security/dependabot/go.sum/github.com%2Fdgrijalva%2Fjwt-go/open
The text was updated successfully, but these errors were encountered: