security: switch to github.com/golang-jwt/jwt (#2601)
This switches our jwt library because of a security bug in
github.com/dgrijalva/jwt-go
docmerlin authored Aug 2, 2021
1 parent 0eaf184 commit 5064b13
Showing 7 changed files with 8 additions and 6 deletions.
2 changes: 1 addition & 1 deletion LICENSE_OF_DEPENDENCIES.md
Expand Up @@ -4,7 +4,7 @@ Dependencies
* github.com/BurntSushi/toml [MIT](https://github.com/BurntSushi/toml/blob/master/COPYING)
* github.com/boltdb/bolt [MIT](https://github.com/boltdb/bolt/blob/master/LICENSE)
* github.com/cenkalti/backoff [MIT](https://github.com/cenkalti/backoff/blob/master/LICENSE)
* github.com/dgrijalva/jwt-go [MIT](https://github.com/dgrijalva/jwt-go/blob/master/LICENSE)
* github.com/golang-jwt/jwt [MIT](https://github.com/golang-jwt/jwt/blob/master/LICENSE)
* github.com/dustin/go-humanize [MIT](https://github.com/dustin/go-humanize/blob/master/LICENSE)
* github.com/golang/protobuf [BSD](https://github.com/golang/protobuf/blob/master/LICENSE)
* github.com/google/uuid [BSD](https://github.com/google/uuid/blob/master/LICENSE)
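Review bot: the new `github.com/golang-jwt/jwt` entry sits in the slot the old `github.com/dgrijalva/jwt-go` line occupied, between `cenkalti/backoff` and `dustin/go-humanize`, which breaks the list's alphabetical order. Move it down to just before `github.com/golang/protobuf`. The link also assumes a `master` branch like its neighbours, so confirm that it resolves for the new repository.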
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -12,7 +12,6 @@ require (
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/cespare/xxhash v1.1.0
github.com/davecgh/go-spew v1.1.1
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/dgryski/go-bits v0.0.0-20180113010104-bd8a69a71dc2 // indirect
github.com/docker/docker v20.10.5+incompatible
github.com/dustin/go-humanize v1.0.0
Expand All @@ -21,6 +20,7 @@ require (
github.com/frankban/quicktest v1.11.0 // indirect
github.com/geoffgarside/ber v0.0.0-20170306085127-854377f11dfb // indirect
github.com/ghodss/yaml v1.0.0
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang/protobuf v1.4.3
github.com/google/btree v1.0.0
github.com/google/go-cmp v0.5.5
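Review bot: the `github.com/golang-jwt/jwt v3.2.2+incompatible` requirement is the actual security fix, yet neither this line nor the commit message says which advisory it addresses. Add the advisory identifier to the commit message (or as a trailing `//` comment on this line) so that a later dependency cleanup does not downgrade the module or swap it back without knowing why it was introduced.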
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -473,6 +473,8 @@ github.com/gogo/protobuf v1.2.2-0.20190730201129-28a6bbf47e48/go.mod h1:SlYgWuQ5
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
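Review bot: go.sum gains the two `github.com/golang-jwt/jwt v3.2.2+incompatible` hashes, but the file header shows 0 deletions, so any `github.com/dgrijalva/jwt-go` entries the file already had are left in place even though go.mod drops the direct requirement. Run `go mod tidy` and then `go mod why -m github.com/dgrijalva/jwt-go`. If a transitive dependency still pulls the old module in, say so in the PR, because the import swap alone would then not remove it from the module graph.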
2 changes: 1 addition & 1 deletion influxdb/token_client.go
Expand Up @@ -6,7 +6,7 @@ import (
"sync/atomic"
"time"

"github.com/dgrijalva/jwt-go"
"github.com/golang-jwt/jwt"
"github.com/influxdata/flux"
"github.com/influxdata/kapacitor/keyvalue"
"github.com/pkg/errors"
2 changes: 1 addition & 1 deletion server/server_test.go
Expand Up @@ -27,7 +27,7 @@ import (
"time"

"github.com/davecgh/go-spew/spew"
jwt "github.com/dgrijalva/jwt-go"
jwt "github.com/golang-jwt/jwt"
"github.com/google/go-cmp/cmp"
"github.com/influxdata/flux/fluxinit"
iclient "github.com/influxdata/influxdb/client/v2"
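Review bot: the only test change in this commit is the import path swap on the `jwt` alias line here, so nothing in the suite exercises the behaviour the security fix is meant to change. Add a regression test for the case the advisory describes, so the suite fails if the old library is ever reintroduced.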
2 changes: 1 addition & 1 deletion services/auth/meta/client.go
Expand Up @@ -18,7 +18,7 @@ import (
"net/url"
"time"

"github.com/dgrijalva/jwt-go"
"github.com/golang-jwt/jwt"
)

const controlClientUA = "InfluxDB Cluster Client"
2 changes: 1 addition & 1 deletion services/httpd/handler.go
Expand Up @@ -13,7 +13,7 @@ import (
"strings"
"time"

"github.com/dgrijalva/jwt-go"
"github.com/golang-jwt/jwt"
"github.com/influxdata/influxdb"
"github.com/influxdata/influxdb/influxql"
"github.com/influxdata/influxdb/models"

0 comments on commit 5064b13