Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1
to address CVE-2020-26160 full diff: golang-jwt/jwt@a601269...v3.2.2 3.2.1 release notes --------------------------------------- - Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt - Fixed type confusion issue between string and []string in VerifyAudience. This fixes CVE-2020-26160 3.2.2 release notes --------------------------------------- - Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16. - Fixed a potential issue that could occur when the verification of exp, iat or nbf was not required and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork. - Added support for EdDSA / ED25519. - Optimized allocations. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Loading branch information