[release/2.7 backport] remove github.com/dgrijalva/jwt-go #3465
By updating github.com/Azure/go-autorest/autorest to v.0.11.19 (10e0b31633f168ce1a329dcbdd0ab9842e533fb5)
Backport of github.com/distribution#3459
Signed-off-by: Bracken Dawson <abdawson@gmail.com>
54451ee to 5906192
Codecov Report
@@ Coverage Diff @@
## release/2.7 #3465 +/- ##
============================================
Coverage 58.77% 58.77%
============================================
Files 102 102
Lines 7085 7085
============================================
Hits 4164 4164
Misses 2280 2280
Partials 641 641
@@ -8,9 +8,9 @@ github.com/bugsnag/bugsnag-go b1d153021fcd90ca3f080db36bec96dc690fb274 | |||
github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702 | |||
github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782 | |||
github.com/denverdino/aliyungo afedced274aa9a7fcdd47ac97018f0f8db4e5de2 | |||
github.com/dgrijalva/jwt-go a601269ab70c205d26370c16f7c81e9017c14e04 |
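Review bot: the github.com/dgrijalva/jwt-go pin on the last line of this hunk is the entry being changed, but nothing here shows which vendored packages still import that path. Before dropping it, search the vendor tree for the import and name in the description the dependency update that removes the last user.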
I see updating Azure/go-autorest brings a substantial number of code changes (for a patch release).
If the bug is in this library, could we instead update just this library to a version with the fix? I see maintains a fork with the fix (IIUC), and we can specify it with a custom location (the equivalent to replace in go.mod);
github.com/dgrijalva/jwt-go a601269ab70c205d26370c16f7c81e9017c14e04 | |
github.com/dgrijalva/jwt-go a211650c6ae1cff6d7347d3e24070d65dcfb1122 https://github.com/form3tech-oss/jwt-go.git # v3.2.4 |
That would only bring the diff of the jwt-go package;
form3tech-oss/jwt-go@a601269...v3.2.4
gave it a quick attempt; #3466
Not against using a replace if vndr can do that. Should we consider using the fork which the original repository now links to? https://github.com/golang-jwt/jwt
Oh! Arf... there's two forks now, and both being actively maintained? 😞
I updated #3466 with a commit (allowing the differences between those forks to be reviewed)
github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab | ||
github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21 | ||
github.com/form3tech-oss/jwt-go 9162a5abdbc046b7c8b03ee90052cee67e25caa7 |
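Review bot: the github.com/form3tech-oss/jwt-go line that ends this hunk pins a bare commit hash with no version annotation, so the release it corresponds to cannot be checked from the file itself. Add a trailing comment naming the tag (the form "# vX.Y.Z") and confirm that the tag is the one carrying the fix this backport is meant to pick up.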
This commit looks to be matching v3.2.2; form3tech-oss/jwt-go@9162a5a...v3.2.2, which is missing a security fix in v3.2.4; form3tech-oss/jwt-go@v3.2.2...v3.2.4 (see https://github.com/form3tech-oss/jwt-go/tree/v3.2.4)
Let's close this one in favour of #3466
looks like github didn't auto-close this one for some reason. #3466 was merged, so let me close this one (thanks @brackendawson !)
By updating github.com/Azure/go-autorest/autorest to v.0.11.19 (10e0b31633f168ce1a329dcbdd0ab9842e533fb5)
Backport of #3459
#3361
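The review above turns on which commit a vendor.conf line pins and which repository it is fetched from. The Go check below is an added example, not code from this PR or from the distribution project: it assumes the "path revision [repo-url] # comment" line layout quoted in the thread, and `Pin`, `reviewed` and `Audit` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Pin is one vndr-style vendor.conf entry: import path, revision, optional repo URL.
type Pin struct{ Path, Rev, Repo string }

// fixedRev and the fork URL are copied from the v3.2.4 suggestion in the thread.
const fixedRev = "a211650c6ae1cff6d7347d3e24070d65dcfb1122"

// reviewed is an assumed policy table: the pin each jwt-go import path must carry.
var reviewed = map[string]Pin{
	"github.com/dgrijalva/jwt-go":     {Rev: fixedRev, Repo: "https://github.com/form3tech-oss/jwt-go.git"},
	"github.com/form3tech-oss/jwt-go": {Rev: fixedRev},
}

// Audit parses vendor.conf text and returns one finding per entry that deviates from the reviewed pin.
func Audit(conf string) []string {
	var findings []string
	for _, line := range strings.Split(conf, "\n") {
		if i := strings.Index(line, "#"); i >= 0 {
			line = line[:i] // drop comments such as "# v3.2.4"
		}
		f := strings.Fields(line)
		if len(f) < 2 {
			continue // blank, comment-only or malformed line
		}
		p := Pin{Path: f[0], Rev: f[1]}
		if len(f) > 2 {
			p.Repo = f[2]
		}
		want, ok := reviewed[p.Path]
		switch {
		case !ok: // not a package this policy covers
		case p.Rev != want.Rev:
			findings = append(findings, fmt.Sprintf("%s: revision %s is not reviewed %s", p.Path, p.Rev, want.Rev))
		case want.Repo != "" && p.Repo != want.Repo:
			findings = append(findings, fmt.Sprintf("%s: fetched from %q, want fork %s", p.Path, p.Repo, want.Repo))
		}
	}
	return findings
}

func main() {
	// Constructed input: the pin this PR adds, as quoted in the review above.
	fmt.Println(Audit("github.com/form3tech-oss/jwt-go 9162a5abdbc046b7c8b03ee90052cee67e25caa7"))
}
```

Run as a CI step, a check like this fails the build when a later vendor update moves either jwt-go path off the reviewed commit or drops the fork URL.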