What happened?
We need to remove all dependencies to github.com/dgrijalva/jwt-go since it is no longer maintained and contains a security issue.
We are removing all direct dependencies with #166, however, there are still some indirect dependencies that we cannot simply remove yet. See the discussion here: #166 (comment)
In short, this is currently blocked by the echo framework and they claim that their usage is safe regarding the security issue: labstack/echo#1916 (comment). We need to keep an eye there and apply once a solution is available.
How can we reproduce it?
Check occurrences of github.com/dgrijalva/jwt-go in go.sum file
//cc @ulucinar @negz
What happened?
We need to remove all dependencies to github.com/dgrijalva/jwt-go since it is no longer maintained and contains a security issue.
We are removing all direct dependencies with #166, however, there are still some indirect dependencies that we cannot simply remove yet. See the discussion here: #166 (comment)
In short, this is currently blocked by the echo framework and they claim that their usage is safe regarding the security issue: labstack/echo#1916 (comment). We need to keep an eye there and apply once a solution is available.
How can we reproduce it?
Check occurrences of github.com/dgrijalva/jwt-go in go.sum file
//cc @ulucinar @negz