fix(deps): update go-jose to version 4.0.2 to fix vulnerability #345

Closed

panapol-p

ref : #344

Definition of Ready

  • I am happy with the code
  • Short description of the feature/issue is added in the pr description
  • PR is linked to the corresponding user story
  • Acceptance criteria are met
  • All open todos and follow ups are defined in a new ticket and justified
  • Deviations from the acceptance criteria and design are agreed with the PO and documented.
  • No debug or dead code
  • My code has no repetitions
  • Critical parts are tested automatically
  • Where possible E2E tests are implemented
  • Documentation/examples are up-to-date
  • All non-functional requirements are met
  • Functionality of the acceptance criteria is checked manually on the dev system.

@hifabienne hifabienne added the os-contribution This is a contribution from our open-source community label Jun 12, 2024
@hifabienne hifabienne linked an issue Jun 12, 2024 that may be closed by this pull request
@muhlemmer muhlemmer self-requested a review June 13, 2024 09:17

@muhlemmer muhlemmer left a comment

Hi, thanks for your PR.

We have a next branch where we are managing breaking changes for the next major release of this package. In that branch we already did the upgrade to github.com/zitadel/oidc/v3. Therefore the jose upgrade should target the next branch instead and update oidc from v3.5.1 to v3.25.1 over there.

We will look into merging next in main this week.

@@ -1,25 +1,33 @@
module github.com/zitadel/zitadel-go/v2

go 1.19
go 1.22.4
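
Review bot: the `go` directive change from 1.19 to 1.22.4 at the top of go.mod raises the minimum Go version for every consumer of the module, which is a wider change than a dependency bump needs. Keep the directive at the lowest version the updated requirements allow, and if a specific toolchain is wanted for builds, express it with a separate `toolchain` line instead of raising `go`.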

Note we support the last 2 releases of Go. Therefore the go version for the module cannot be higher than 1.21.

Author

Thanks for your review @muhlemmer
To confirm, should we wait for the next branch to incorporate these changes and close this current merge request?

Better close this and if you want you can open a PR to the next branch. Otherwise we'll take care of it.
