Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: upgraded to golang-jwt v5 #446

Merged
merged 1 commit into from
Oct 18, 2023
Merged

Conversation

robbert229
Copy link
Contributor

This PR upgrades golang-jwt to the newest v5 version. The upgrade is pretty convenient as v4 has some painful bugs such as golang-jwt/jwt#98 which are resolved in v5.

@@ -11,7 +11,7 @@ type DecodedAccessTokenHeader struct {

// Claims served by keycloak inside the accessToken
type Claims struct {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

StandardClaims has been deprecated for a while, and was finally removed in v5. RegisteredClaims is the new equivalent.

@Nerzal
Copy link
Owner

Nerzal commented Oct 6, 2023

Hi!
Thank you for your contribution.
Although unrelated to your changes, could you pls check if there is an update available for the "pkg:golang/golang.org/x/net@v0.7.0" dependency and if so update it in go.mod?

The pipeline is failing due to a security issue in that version.

@robbert229
Copy link
Contributor Author

I can do that. :)

@@ -4,17 +4,17 @@ go 1.18

require (
github.com/go-resty/resty/v2 v2.7.0
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/golang-jwt/jwt/v5 v5.0.0
github.com/opentracing/opentracing-go v1.2.0
github.com/pkg/errors v0.9.1
github.com/segmentio/ksuid v1.0.4
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

crypto needed to be updated in order to bump golang.org/x/net

@@ -6258,7 +6258,7 @@ func Test_CreatePermissionTicket(t *testing.T) {
})

// we're expecting validity error because we didn't supply secret
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error message changed due to the upgrade, so I just changed the test to check if the returned error is the ErrTokenSignatureInvalid error, instead of comparing the text

@robbert229
Copy link
Contributor Author

@Nerzal fyi i think everything is done on my side.

@robbert229
Copy link
Contributor Author

robbert229 commented Oct 13, 2023

Build is failing due to CVE released two days ago with the net package. Do you want me to update the package again?

I updated the net package again

@codecov
Copy link

codecov bot commented Oct 18, 2023

Codecov Report

Merging #446 (8ef820f) into main (166f442) will increase coverage by 0.01%.
Report is 3 commits behind head on main.
The diff coverage is 77.77%.

@@            Coverage Diff             @@
##             main     #446      +/-   ##
==========================================
+ Coverage   77.25%   77.26%   +0.01%     
==========================================
  Files           4        4              
  Lines        2198     2261      +63     
==========================================
+ Hits         1698     1747      +49     
- Misses        338      345       +7     
- Partials      162      169       +7     
Files Coverage Δ
models.go 90.38% <100.00%> (+0.06%) ⬆️
client.go 75.82% <77.41%> (+0.04%) ⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

Copy link
Owner

@Nerzal Nerzal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your contribution!

@Nerzal Nerzal merged commit 08a69ff into Nerzal:main Oct 18, 2023
5 checks passed
@robbert229 robbert229 deleted the feature/upgrade branch October 18, 2023 17:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants