Commit cc14ccf

[NET-6617] security: Bump github.com/golang-jwt/jwt/v4 to 4.5.0 (hashicorp#19705)
security: Bump github.com/golang-jwt/jwt/v4 to 4.5.0

This version is accepted by Prisma/Twistlock, resolving scan results for issue PRISMA-2022-0270. Chosen over later versions to avoid a major version with breaking changes that is otherwise unnecessary.

Note that in practice this is a false positive (see golang-jwt/jwt#258), but we should update the version to aid customers relying on scanners that flag it.

1 parent eded2ff commit cc14ccf

3 files changed, +6 -2 lines changed

.changelog/19705.txt

Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
```release-note:security
2+
Update `github.com/golang-jwt/jwt/v4` to v4.5.0 to address [PRISMA-2022-0270](https://github.com/golang-jwt/jwt/issues/258).
3+
```
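
Review bot: The release note on added line 2 says the update is made "to address" PRISMA-2022-0270, while the commit message states that the finding is a false positive in practice. A reader of the security section of the changelog may take this entry as a fix for an exploitable issue; consider wording along the lines of "to resolve scanner findings for PRISMA-2022-0270, which is a false positive for this project", keeping the link to golang-jwt/jwt#258 for the reasoning.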

go.mod

Lines changed: 1 addition & 1 deletion
@@ -183,7 +183,7 @@ require (
183183
github.com/go-openapi/validate v0.22.1 // indirect
184184
github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect
185185
github.com/gogo/protobuf v1.3.2 // indirect
186-
github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
186+
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
187187
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
188188
github.com/golang/protobuf v1.5.3 // indirect
189189
github.com/golang/snappy v0.0.4 // indirect
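
Review bot: The bumped requirement at line 186 is marked `// indirect`, and neither the commit message nor the changelog records which dependency pulls in `github.com/golang-jwt/jwt/v4`. Naming that dependency in the PR description (for example from the output of `go mod why -m github.com/golang-jwt/jwt/v4`) would let a reviewer judge whether the flagged code is reachable and whether the bump could instead come from upgrading that dependency. If the repository carries other go.mod files that resolve this module, they need the same change for the scan result to clear.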

go.sum

Lines changed: 2 additions & 1 deletion
@@ -361,8 +361,9 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
361361
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
362362
github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
363363
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
364-
github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
365364
github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
365+
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
366+
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
366367
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
367368
github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
368369
github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
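
Review bot: The `v4.0.0/go.mod` and `v4.2.0/go.mod` entries at new-file lines 363 and 364 remain after this change; only the `v4.2.0 h1:` content hash is dropped. That is normal for go.sum, since the go.mod files of older versions are still read when the module graph is resolved, but a scanner that reads go.sum rather than the resolved build list could keep reporting v4.2.0. Since the stated purpose of the commit is to clear the Prisma/Twistlock result, confirm with a rescan of the built artifact that the finding is gone.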
