Fix JWT module version and checksum issues #5246

UJESH2K · 2025-10-22T23:19:16Z

PR Title: Fix JWT module version and checksum issues

This PR addresses and improves the JWT module integration in the project. The following updates have been made:

Upgraded github.com/golang-jwt/jwt to v4.5.2
- Ensures we are using the latest stable version of the module.
- Fixes checksum mismatch issues that were preventing successful module verification.
Added replace directives in go.mod
- Ensures Go resolves the correct version of JWT and related dependencies.
- Avoids security warnings and prevents accidental usage of incompatible versions.
Verified all modules with go mod verify
- Confirms that all dependencies now match the expected checksums and are secure.

Why this improvement was needed:

Previously, builds were failing due to checksum mismatches for jwt/v4.
Without this fix, developers might face security warnings or build errors when working on authentication features.
This PR ensures smoother module management and safer dependency handling for everyone using the project.

Impact:

No functional changes to the authentication logic.
Improves developer experience and build stability.
Tested locally: all modules are correctly resolved and the project builds without errors.

Fixes: #5245

Jonsy13 · 2025-10-24T06:53:53Z

Please update this branch with main & resolve conflicts

Jonsy13 · 2025-10-26T05:32:21Z

chaoscenter/authentication/go.mod

+replace github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.0
+
+replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.5.2


Since, the version is already updated above, these replace statements shouldn't be required. Please remove & try.

i am sorry i updated these changes after you merged the file
do i have to do anything now to help ?

Jonsy13 · 2025-10-26T05:34:15Z

chaoscenter/event-tracker/go.mod

 	sigs.k8s.io/yaml v1.2.0 // indirect
 )
+
+replace github.com/form3tech-oss/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.2


It's a indirect dependency, Replacing like this will not work. You may leave it.

sure ill remove it aswell

Jonsy13 · 2025-10-26T05:34:38Z

chaoscenter/upgrade-agents/control-plane/go.mod


 go 1.24.0

+toolchain go1.23.7


This should be removed.

yes i have removed toolchain part

Jonsy13 · 2025-10-27T16:19:17Z

The unit tests are failing because go mod tidy is not executed.
Make sure to run go mod tidy everytime you make changes in go.mod, it updates go.sum file accordingly.
please run it for all components for which you have updated go.mod.

Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…#5239) Signed-off-by: Gurupriyan D A <am400718@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…haos#5240) * docs: Add AWS SSM Chaos experiments to AWS experiments table Add AWS SSM Chaos By ID and AWS SSM Chaos By Tag experiments Fixes litmuschaos#5237 Signed-off-by: Coder-pro1 <sithijaseneviratne@gmail.com> * Fix AWS SSM Chaos links in contents.md Signed-off-by: Seneviratne N S <sithijaseneviratne@gmail.com> --------- Signed-off-by: Coder-pro1 <sithijaseneviratne@gmail.com> Signed-off-by: Seneviratne N S <sithijaseneviratne@gmail.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…eline (litmuschaos#5249) * Added fixes Signed-off-by: git <harness_commons_bot@service.harness.io> * Added fixes Signed-off-by: git <harness_commons_bot@service.harness.io> --------- Signed-off-by: git <harness_commons_bot@service.harness.io> Co-authored-by: git <harness_commons_bot@service.harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…lize controller-runtime envtest failure (litmuschaos#5244) * Fix: resolved vulnerability issues in server Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> * changed goversion to 1.24.0 in every file Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> --------- Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…itmuschaos#5253) (litmuschaos#5261) - Corrected command syntax to use commas between resources. - Kept namespace dynamic using ${chaosInfrastructureNamespace}. - Verified in UI. Signed-off-by: Devank Gupta <devankgupta284@gmail.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…2025-22868 (litmuschaos#5233) * fix(security): upgrade golang.org/x/oauth2 to v0.27.0 to resolve CVE-2025-22868 Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * chore: update Go version to 1.24.0 in go.mod, Dockerfile, and CI workflow Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * fix: use stable golang:1.24.0-bookworm base image in Dockerfile Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * 1.25 go version Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * golang.org/x/crypto v0.35.0 go version Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * golang.org/x/crypto v0.35.0 go version and 1.24 Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * changed docker Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * changed docker Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Temporary commit before rebase Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Changed trivy to v2 and authentication goversion to 1.24.0 Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Revert Trivy v2 change Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * changed build.yml from 1.24 to 1.24.0 Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * removed trivy version mismatch Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * go mod tidy Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> --------- Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

Signed-off-by: VIDHITTS <vidhitts@gmail.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…schaos#5236) * fix[5200]: Namespace Compromise via hostPID (litmuschaos#5201) * fix: hostPID set to false Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> * fix: hostPID set to false Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> --------- Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * fix: Potential Denial of Service via unrestricted CPU/memory and root user execution (litmuschaos#5203) * fix: hostPID set to false Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> * fix: hostPID set to false Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> * fix: Potential Denial of Service via unrestricted CPU/memory and root user execution Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> * fix: Potential Denial of Service via unrestricted CPU/memory and root user execution Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> * fix: Potential Denial of Service via unrestricted CPU/memory and root user execution Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> --------- Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * fix: [5167]: updated probe fetching logic in a fault (litmuschaos#5199) * feat: [5167]: updated probe fetching logic in a fault Signed-off-by: Amit Kumar Das <amit.das@harness.io> * feat: [5167]: fixed go fmt Signed-off-by: Amit Kumar Das <amit.das@harness.io> --------- Signed-off-by: Amit Kumar Das <amit.das@harness.io> Co-authored-by: Shubham Chaudhary <shubham.chaudhary@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Update Polices (litmuschaos#5186) * update: governance Signed-off-by: PriteshKiri <pritesh.d.kiri@gmail.com> * update: code of conduct Signed-off-by: PriteshKiri <pritesh.d.kiri@gmail.com> * update: contribution guide Signed-off-by: PriteshKiri <pritesh.d.kiri@gmail.com> * chore: updated community meetings content in Readme Signed-off-by: PriteshKiri <pritesh.d.kiri@gmail.com> * fix: community meeting form link Signed-off-by: PriteshKiri <pritesh.d.kiri@gmail.com> --------- Signed-off-by: PriteshKiri <pritesh.d.kiri@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Removes hardcoded namespaces for K8s manifests (litmuschaos#5223) Signed-off-by: Bartlomiej Gmerek <bartlomiej.gmerek@canonical.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Ensure SERVER_ADDR includes scheme on re-download manifestFix server addr (litmuschaos#5213) * Ensure SERVER_ADDR includes scheme on re-download manifest Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> * Ensure SERVER_ADDR includes scheme on re-download manifest Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> --------- Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * fix: resolve missing experiment pod logs issue (litmuschaos#5207) Fixed missing experiment pod logs by updating relevant entities and components. Updated workflowRun entity, CustomStepLog controller, and ExperimentRunDetailsPanel to properly handle and display experiment pod logs. Signed-off-by: Harshit Panchbhai <harshit12339@gmail.com> Co-authored-by: Amit Kumar Das <amit.das@harness.io> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Added fixes (litmuschaos#5227) Co-authored-by: git <harness_commons_bot@service.harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * chore(3.22.0): Add the installation manifest for 3.22.0 version (litmuschaos#5229) Signed-off-by: Shubham Chaudhary <shubham.chaudhary@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Fixed conversion issues and added formatting improvements Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * changed all go version to 1.24.0 Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Delete test-chaoscenter-mods.ps1 Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Delete test-chaoscenter-mods.ps1 Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> * Update Dockerfile Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> --------- Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com> Signed-off-by: Amit Kumar Das <amit.das@harness.io> Signed-off-by: PriteshKiri <pritesh.d.kiri@gmail.com> Signed-off-by: Bartlomiej Gmerek <bartlomiej.gmerek@canonical.com> Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Signed-off-by: Harshit Panchbhai <harshit12339@gmail.com> Signed-off-by: Shubham Chaudhary <shubham.chaudhary@harness.io> Co-authored-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Co-authored-by: Amit Kumar Das <amit.das@harness.io> Co-authored-by: Shubham Chaudhary <shubham.chaudhary@harness.io> Co-authored-by: Bartlomiej Gmerek <42570669+Gmerold@users.noreply.github.com> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io> Co-authored-by: harshit12339 <37114289+harshit12339@users.noreply.github.com> Co-authored-by: git <harness_commons_bot@service.harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

litmuschaos#5279) Signed-off-by: Umesh Kumar Pal <umeshpal8141@gmail.com> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…uschaos#5276) Signed-off-by: Umesh Kumar Pal <umeshpal8141@gmail.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…muschaos#5241) * Refactor MongoDB index creation for ChaosProbeCollection Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> * fix-Cannot reuse probe name after deletion Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> * Update Go base image version to 1.24.6 Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> * Update Go version to 1.24 Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> * reverting go version Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> * reverting go version Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> --------- Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Co-authored-by: Sarthak Jain <sarthak.jain@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

* Update StatusHeatMap.tsx Signed-off-by: khushi Tiwari <khushi13102001@gmail.com> Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> * Update StatusHeatMap.module.scss Signed-off-by: khushi Tiwari <khushi13102001@gmail.com> Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> --------- Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

Signed-off-by: khushi1310 <89256629+khushi1310@users.noreply.github.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…rom advanced options (litmuschaos#5271) Signed-off-by: Amit Kumar Das <amit.das@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

…itmuschaos#5253) (litmuschaos#5274) - Corrected command syntax to use commas between resources. - Kept namespace dynamic using ${chaosInfrastructureNamespace}. - Verified in UI. Signed-off-by: Devank Gupta <devankgupta284@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

UJESH2K force-pushed the fix/jwt branch from 89f16dc to 6040b99 Compare October 22, 2025 23:21

UJESH2K mentioned this pull request Oct 23, 2025

fix(security): upgrade golang.org/x/oauth2 to v0.27.0 to resolve CVE-2025-22868 #5233

Merged

PriteshKiri added Hacktoberfest hacktoberfest-accepted Accepted for HacktoberFest labels Oct 24, 2025

Jonsy13 reviewed Oct 26, 2025

View reviewed changes

UJESH2K force-pushed the fix/jwt branch from d53a9a1 to 778d6cd Compare October 28, 2025 13:30

UJESH2K and others added 20 commits October 28, 2025 19:51

Fix JWT module version and checksum issue

808487d

Signed-off-by: UJESH2K <ujeshyadav20k5@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

docs: add missing GCP experiments to documentation table (litmuschaos…

fae9ab2

…#5239) Signed-off-by: Gurupriyan D A <am400718@gmail.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

Update go.mod

10bf851

Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

Update go.mod

56ccf63

Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

Update go.mod

757b48e

Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

fixed name issue (litmuschaos#5250)

6080ace

Signed-off-by: VIDHITTS <vidhitts@gmail.com> Co-authored-by: Pritesh Kiri <77957844+PriteshKiri@users.noreply.github.com> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

docs: update footer year of experiment docs to 2025 (litmuschaos#5277) (

814894d

litmuschaos#5279) Signed-off-by: Umesh Kumar Pal <umeshpal8141@gmail.com> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

fix: [4998]: added tolerations in chaos engine spec when configured f…

d3b0c83

…rom advanced options (litmuschaos#5271) Signed-off-by: Amit Kumar Das <amit.das@harness.io> Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

go mod tidy to all

8a2e7ed

Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

resolving conflicts

79c49bb

Signed-off-by: UJESH KUMAR YADAV <154934631+UJESH2K@users.noreply.github.com>

UJESH2K force-pushed the fix/jwt branch from 969aae8 to 79c49bb Compare October 28, 2025 19:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Fix JWT module version and checksum issues #5246

Fix JWT module version and checksum issues #5246

Uh oh!

UJESH2K commented Oct 22, 2025 •

edited

Loading

Uh oh!

Jonsy13 commented Oct 24, 2025

Uh oh!

Jonsy13 Oct 26, 2025

Uh oh!

UJESH2K Oct 27, 2025

Uh oh!

Jonsy13 Oct 26, 2025

Uh oh!

UJESH2K Oct 27, 2025

Uh oh!

Jonsy13 Oct 26, 2025

Uh oh!

UJESH2K Oct 27, 2025

Uh oh!

Jonsy13 commented Oct 27, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants

		replace github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.0

		replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.5.2

Uh oh!

Fix JWT module version and checksum issues #5246

Are you sure you want to change the base?

Fix JWT module version and checksum issues #5246

Uh oh!

Conversation

UJESH2K commented Oct 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Jonsy13 commented Oct 24, 2025

Uh oh!

Jonsy13 Oct 26, 2025

Choose a reason for hiding this comment

Uh oh!

UJESH2K Oct 27, 2025

Choose a reason for hiding this comment

Uh oh!

Jonsy13 Oct 26, 2025

Choose a reason for hiding this comment

Uh oh!

UJESH2K Oct 27, 2025

Choose a reason for hiding this comment

Uh oh!

Jonsy13 Oct 26, 2025

Choose a reason for hiding this comment

Uh oh!

UJESH2K Oct 27, 2025

Choose a reason for hiding this comment

Uh oh!

Jonsy13 commented Oct 27, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants

UJESH2K commented Oct 22, 2025 •

edited

Loading