Update JWT library to github.com/golang-jwt/jwt (#1568)

- The former repo has been migrated (see dgrijalva/jwt-go#462). - Dependabot alerted on a security issue in the old version (GHSA-w73w-5m7g-f7qc). This issue should not effect Fleet due to no use of `aud` claims.
fleetdm · Aug 6, 2021 · 9db49a1 · 9db49a1
1 parent ccd5298
commit 9db49a1
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 138 deletions.
diff --git a/ee/server/licensing/licensing.go b/ee/server/licensing/licensing.go
@@ -7,8 +7,8 @@ import (
 	"encoding/pem"
 	"time"
 
-	"github.com/dgrijalva/jwt-go"
 	"github.com/fleetdm/fleet/v4/server/fleet"
+	"github.com/golang-jwt/jwt/v4"
 	"github.com/pkg/errors"
 )
 

diff --git a/go.mod b/go.mod
@@ -17,7 +17,6 @@ require (
 	github.com/briandowns/spinner v0.0.0-20170614154858-48dbb65d7bd5
 	github.com/cenkalti/backoff/v4 v4.0.0
 	github.com/davecgh/go-spew v1.1.1
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/dnaeon/go-vcr/v2 v2.0.1
 	github.com/e-dard/netbug v0.0.0-20151029172837-e64d308a0b20
 	github.com/elazarl/go-bindata-assetfs v1.0.0
@@ -29,14 +28,14 @@ require (
 	github.com/go-kit/kit v0.9.0
 	github.com/go-logfmt/logfmt v0.5.0 // indirect
 	github.com/go-sql-driver/mysql v1.5.0
+	github.com/golang-jwt/jwt/v4 v4.0.0
 	github.com/gomodule/redigo v1.8.4
 	github.com/google/go-cmp v0.5.6
 	github.com/google/go-github/v37 v37.0.0
 	github.com/google/uuid v1.1.2
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/websocket v1.4.2
 	github.com/gosuri/uilive v0.0.4
-	github.com/groob/mockimpl v0.0.0-20170306012045-dfa944a2a940 // indirect
 	github.com/igm/sockjs-go/v3 v3.0.0
 	github.com/jmoiron/sqlx v1.2.0
 	github.com/jonboulle/clockwork v0.2.2 // indirect
@@ -50,7 +49,6 @@ require (
 	github.com/mna/redisc v1.2.1
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/open-policy-agent/opa v0.24.0
-	github.com/patrickmn/sortutil v0.0.0-20120526081524-abeda66eb583
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v0.9.3
 	github.com/prometheus/client_model v0.2.0 // indirect