[MAINT]/[SECURITY]: bump go-jose to from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3 #2343

Merged


AtzeDeVries
Contributor

square/go-jose is not maintained anymore. Release v3 is the release to migrate to when you migrate to go-jose/go-jose.
https://github.com/go-jose/go-jose/releases/tag/v3.0.0
Release 4 contains breaking changes

We bump to 3.0.3 because this contains the sec fix:
Limit decompression output size to prevent a DoS. Backport from v4.0.1.

closes: #2341
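
The security fix quoted above is about capping how far a compressed payload may expand. A guard of that kind using only the Go standard library, added here as an illustration and not go-jose's own code; the function names and the cap (10x the compressed size, with a 250,000-byte floor) are assumptions of this example:

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

var ErrTooLarge = errors.New("decompressed data exceeds limit")

// maxOutput caps output at 10x the compressed size, with a 250,000-byte
// floor. Both numbers are assumptions of this example.
func maxOutput(compressedLen int) int64 {
	if n := int64(compressedLen) * 10; n > 250000 {
		return n
	}
	return 250000
}

// BoundedInflate decompresses raw DEFLATE data but refuses to return
// more than maxOutput(len(input)) bytes.
func BoundedInflate(input []byte) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(input))
	defer r.Close()
	limit := maxOutput(len(input))
	// Read limit+1 bytes at most: the extra byte reveals an oversized stream.
	out, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > limit {
		return nil, ErrTooLarge
	}
	return out, nil
}

// Deflate builds constructed sample input for the example.
func Deflate(plain []byte) []byte {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestCompression)
	w.Write(plain)
	w.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(BoundedInflate(Deflate(make([]byte, 20<<20)))) // constructed: 20 MiB of zeros
}
```

Because the reader is wrapped in `io.LimitReader`, an oversized stream is rejected after at most `limit+1` bytes have been inflated, so memory use stays bounded regardless of the compression ratio.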

AtzeDeVries changed the title from "[MAINT]: bump go-jose to from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3" to "[MAINT]/[SECURITY]: bump go-jose to from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3" on Aug 9, 2024
Member

kfcampbell left a comment

Thank you for identifying and fixing this!

kfcampbell merged commit b52ce70 into integrations:main on Aug 16, 2024
1 check passed
Successfully merging this pull request may close these issues.

[MAINT]: go dependency square/go-jose.v2 contains vulnerability. Consider migrating to go-jose/go-jose