-
Notifications
You must be signed in to change notification settings - Fork 288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: upgraded to golang-jwt v5 #446
Conversation
@@ -11,7 +11,7 @@ type DecodedAccessTokenHeader struct { | |||
|
|||
// Claims served by keycloak inside the accessToken | |||
type Claims struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
StandardClaims has been deprecated for a while, and was finally removed in v5. RegisteredClaims is the new equivalent.
Hi! The pipeline is failing due to a security issue in that version. |
I can do that. :) |
1bebd7a
to
8a26ab0
Compare
@@ -4,17 +4,17 @@ go 1.18 | |||
|
|||
require ( | |||
github.com/go-resty/resty/v2 v2.7.0 | |||
github.com/golang-jwt/jwt/v4 v4.5.0 | |||
github.com/golang-jwt/jwt/v5 v5.0.0 | |||
github.com/opentracing/opentracing-go v1.2.0 | |||
github.com/pkg/errors v0.9.1 | |||
github.com/segmentio/ksuid v1.0.4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
crypto needed to be updated in order to bump golang.org/x/net
8a26ab0
to
b646305
Compare
@@ -6258,7 +6258,7 @@ func Test_CreatePermissionTicket(t *testing.T) { | |||
}) | |||
|
|||
// we're expecting validity error because we didn't supply secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This error message changed due to the upgrade, so I just changed the test to check if the returned error is the ErrTokenSignatureInvalid error, instead of comparing the text
@Nerzal fyi i think everything is done on my side. |
Build is failing due to CVE released two days ago with the net package. I updated the net package again |
b646305
to
8ef820f
Compare
Codecov Report
@@ Coverage Diff @@
## main #446 +/- ##
==========================================
+ Coverage 77.25% 77.26% +0.01%
==========================================
Files 4 4
Lines 2198 2261 +63
==========================================
+ Hits 1698 1747 +49
- Misses 338 345 +7
- Partials 162 169 +7
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your contribution!
This PR upgrades golang-jwt to the newest v5 version. The upgrade is pretty convenient as v4 has some painful bugs such as golang-jwt/jwt#98 which are resolved in v5.