Skip to content

Upgrade jose2go#133

Open
AdallomRoy wants to merge 1 commit into99designs:masterfrom
AdallomRoy:master
Open

Upgrade jose2go#133
AdallomRoy wants to merge 1 commit into99designs:masterfrom
AdallomRoy:master

Conversation

@AdallomRoy
Copy link

@AdallomRoy AdallomRoy commented Dec 26, 2023

jose2go has a medium vulnerability this upgrade fixes.
See GHSA-mhpq-9638-x6pw

@AdallomRoy
Copy link
Author

AdallomRoy commented Dec 28, 2023

@mtibben ? Is this project still maintained? Thanks.

@leosunmo
Copy link

leosunmo commented Nov 4, 2024

Bump here, I am getting govulncheck warnings about this. It should be a simple merge, there's no breaking changes in dvsekhvalnov/jose2go v1.6.0 and v1.7.0

gitphill added a commit to gitphill/gosnowflake that referenced this pull request Nov 14, 2025
@gitphill
fix: github.com/dvsekhvalnov/jose2go
926720f 
Similar to snowflakedb#1020
Upgrading transitive module github.com/dvsekhvalnov/jose2go
from 1.6.0 to 1.7.0.

See dvsekhvalnov/jose2go#34
Fixes denial of service attack.
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDVSEKHVALNOVJOSE2GO-13918560

github.com/dvsekhvalnov/jose2go is a dependancy of
github.com/99designs/keyring. That module doesn't seem to be well
maintained any more, see 99designs/keyring#133.
It maybe possible to upgrade naturally should
github.com/99designs/keyring make a new release in the future.
@gitphill gitphill mentioned this pull request Nov 14, 2025
Merged
@sfc-gh-pfus sfc-gh-pfus mentioned this pull request Nov 17, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AdallomRoy @leosunmo