Sebastiaan van Stijn c5679da3a1 [release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1 ... to address CVE-2020-26160 full diff: a601269ab7...v3.2.2 3.2.1 release notes --------------------------------------- - Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt - Fixed type confusion issue between string and []string in VerifyAudience. This fixes CVE-2020-26160 3.2.2 release notes --------------------------------------- - Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16. - Fixed a potential issue that could occur when the verification of exp, iat or nbf was not required and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork. - Added support for EdDSA / ED25519. - Optimized allocations. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>		2021-08-10 13:05:39 +02:00
..
jwt-go	[release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1	2021-08-10 13:05:39 +02:00