Use of a deprecrated API

[cboitel]

github.com/auth0-community/go-auth0 used in jwk_client.go is marked deprecated

Extract of README.md of the library

The Auth0 Community is in the process of deprecating this library, and the repository will no longer be available on Github after the end-of-life date of September 30, 2021. Please make plans to find a suitable replacement or remove this library from any active projects before the end-of-life date. The official Auth0 Go SDK is recommended: https://github.com/go-auth0/auth0. Please reach out in the supporting Auth0 Community topic if you have any questions or concerns.

[gunturaf]

update as of today, the repo is moving again into https://github.com/auth0/go-auth0

[gunturaf]

I think krakend-jose repository must also upgrade other deps as well because if you depend on krakend-jose and use static vuln scanning such as https://github.com/aquasecurity/trivy like I do, there's indirect dependency to https://github.com/dgrijalva/jwt-go

for now what I did was to use replace directive like so

replace github.com/Azure/go-autorest/autorest/adal => github.com/Azure/go-autorest/autorest/adal v0.9.18

[alombarte]

This library was forked and eventually will be rewritten with our custom implementation