Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

move to upstream-maintained golang-jwt v3 [port to 1.9] #21927

Closed
davidby-influx opened this issue Jul 22, 2021 · 0 comments · Fixed by #21935
Closed

move to upstream-maintained golang-jwt v3 [port to 1.9] #21927

davidby-influx opened this issue Jul 22, 2021 · 0 comments · Fixed by #21935
Assignees
@davidby-influx
Labels
1.x area/auth team/edge

Comments

@davidby-influx
Copy link
Contributor

Port #21925 to 1.9 branch
See here for the port to master-1.x: #21926
@davidby-influx davidby-influx self-assigned this Jul 22, 2021
@jdstrand jdstrand changed the title upgrade to golang-jwt 3.2.1 to fix CVE-2020-26160 [port to 1.9] move to upstream-maintained golang-jwt v3 [port to 1.9] Jul 22, 2021
jdstrand added a commit to jdstrand/influxdb that referenced this issue Jul 23, 2021
@jdstrand
chore: use community maintained golang-jwt
1f245cc 
The dgrijalva/jwt-go project is no longer maintained[1] and they have
transferred ownership to golang-jwt/jwt[2][3][4]. We should move to the
supported golang-jwt/jwt.

The following was performed:

1. update services/httpd/handler*.go to import golang-jwt/jwt
2. revert testcase string comparison changes from 225bcec (back to v3)
2. go mod edit -require github.com/golang-jwt/[email protected]+incompatible
3. go mod edit -droprequire github.com/dgrijalva/jwt-go
4. go mod tidy  # see note
5. go clean ./... && go build ./...
6. go test ./...

Note: 'go mod tidy' had unrelated changes (perhaps it wasn't run in
recent commits) so I removed the unrelated delta to keep this PR focused
on the dgrijalva/jwt-go to golang-jwt/jwt changes.

References:
[1] dgrijalva/jwt-go#462
[2] dgrijalva/jwt-go#463
[3] https://github.com/dgrijalva/jwt-go/blob/master/README.md
[4] https://github.com/golang-jwt/jwt
[5] influxdata#21927
@jdstrand jdstrand mentioned this issue Jul 23, 2021
Merged
4 tasks
@davidby-influx davidby-influx linked a pull request Jul 23, 2021 that will close this issue
chore: use community maintained golang-jwt #21935
Merged
4 tasks
jdstrand added a commit that referenced this issue Jul 23, 2021
@jdstrand
chore: use community maintained golang-jwt (#21935)
9cf7b88 
The dgrijalva/jwt-go project is no longer maintained[1] and they have
transferred ownership to golang-jwt/jwt[2][3][4]. We should move to the
supported golang-jwt/jwt.

The following was performed:

1. update services/httpd/handler*.go to import golang-jwt/jwt
2. revert testcase string comparison changes from 225bcec (back to v3)
2. go mod edit -require github.com/golang-jwt/[email protected]+incompatible
3. go mod edit -droprequire github.com/dgrijalva/jwt-go
4. go mod tidy  # see note
5. go clean ./... && go build ./...
6. go test ./...

Note: 'go mod tidy' had unrelated changes (perhaps it wasn't run in
recent commits) so I removed the unrelated delta to keep this PR focused
on the dgrijalva/jwt-go to golang-jwt/jwt changes.

References:
[1] dgrijalva/jwt-go#462
[2] dgrijalva/jwt-go#463
[3] https://github.com/dgrijalva/jwt-go/blob/master/README.md
[4] https://github.com/golang-jwt/jwt
[5] #21927
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidby-influx davidby-influx

Labels
1.x area/auth team/edge
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: use community maintained golang-jwt jdstrand/influxdb
2 participants
@jdstrand @davidby-influx