Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability in jwt-go package #1712

Closed
mollylogue opened this issue Dec 7, 2020 · 3 comments
Closed

Vulnerability in jwt-go package #1712

mollylogue opened this issue Dec 7, 2020 · 3 comments
Labels
duplicate security

Comments

@mollylogue
Copy link

Issue Description

The dependency on github.com/dgrijalva/jwt-go introduces the following vulnerability: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515. The fix is to upgrade the dependency to version 4.0.0-preview1.
@mollylogue mollylogue mentioned this issue Dec 7, 2020
Closed
@mollylogue
Copy link
Author

PR to update to most recent version of jwt-go: #1713

@pafuent
Copy link
Contributor

pafuent commented Dec 14, 2020

Hi @mollylogue, first of all thanks for creating the issue!!!
As @lammel mentioned on your PR, all the discussions related to this vulnerability are on #1663. If you are OK, I prefer that you close this issue as duplicate of #1647

@mollylogue
Copy link
Author

Closing this as a duplicate.

@pedromss pedromss mentioned this issue Jan 8, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

update jwt-go version to remove vulnerability mollylogue/echo
3 participants
@lammel @pafuent @mollylogue