(pulsar) 04/04: [fix][sec] Upgrade jwt/v5 to 5.2.2 to address CVE-2025-30204 (#24140)

Fri, 28 Mar 2025 14:53:24 -0700 

This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit 0d38ff17b158318736f9319b3ab77d410850ce83
Author: Lari Hotari <lhot...@users.noreply.github.com>
AuthorDate: Fri Mar 28 16:13:43 2025 +0200

    [fix][sec] Upgrade jwt/v5 to 5.2.2 to address CVE-2025-30204 (#24140)
    
    (cherry picked from commit f0296b54734a1c951f6d2170738becfb7d17a990)
---
 pulsar-function-go/examples/go.mod | 2 +-
 pulsar-function-go/examples/go.sum | 4 ++--
 pulsar-function-go/go.mod          | 2 +-
 pulsar-function-go/go.sum          | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pulsar-function-go/examples/go.mod 
b/pulsar-function-go/examples/go.mod
index f50b77edd7a..0eabf1bc739 100644
--- a/pulsar-function-go/examples/go.mod
+++ b/pulsar-function-go/examples/go.mod
@@ -19,7 +19,7 @@ require (
        github.com/danieljoos/wincred v1.1.2 // indirect
        github.com/dvsekhvalnov/jose2go v1.6.0 // indirect
        github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
-       github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+       github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
        github.com/golang/protobuf v1.5.4 // indirect
        github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // 
indirect
        github.com/hamba/avro/v2 v2.22.2-0.20240625062549-66aad10411d9 // 
indirect
diff --git a/pulsar-function-go/examples/go.sum 
b/pulsar-function-go/examples/go.sum
index 505c64414ca..ae424e40eff 100644
--- a/pulsar-function-go/examples/go.sum
+++ b/pulsar-function-go/examples/go.sum
@@ -70,8 +70,8 @@ github.com/godbus/dbus 
v0.0.0-20190726142602-4481cbc300e2/go.mod h1:bBOAhwG1umN6
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod 
h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod 
h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v5 v5.2.1 
h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
-github.com/golang-jwt/jwt/v5 v5.2.1/go.mod 
h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.2 
h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod 
h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/mock v1.4.3/go.mod 
h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/protobuf v1.5.4 
h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod 
h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
diff --git a/pulsar-function-go/go.mod b/pulsar-function-go/go.mod
index c8d66c1deb8..ca02fb525d1 100644
--- a/pulsar-function-go/go.mod
+++ b/pulsar-function-go/go.mod
@@ -27,7 +27,7 @@ require (
        github.com/davecgh/go-spew v1.1.1 // indirect
        github.com/dvsekhvalnov/jose2go v1.6.0 // indirect
        github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
-       github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+       github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
        github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // 
indirect
        github.com/hamba/avro/v2 v2.22.2-0.20240625062549-66aad10411d9 // 
indirect
        github.com/hashicorp/errwrap v1.1.0 // indirect
diff --git a/pulsar-function-go/go.sum b/pulsar-function-go/go.sum
index 505c64414ca..ae424e40eff 100644
--- a/pulsar-function-go/go.sum
+++ b/pulsar-function-go/go.sum
@@ -70,8 +70,8 @@ github.com/godbus/dbus 
v0.0.0-20190726142602-4481cbc300e2/go.mod h1:bBOAhwG1umN6
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod 
h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod 
h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v5 v5.2.1 
h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
-github.com/golang-jwt/jwt/v5 v5.2.1/go.mod 
h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.2 
h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod 
h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/mock v1.4.3/go.mod 
h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/protobuf v1.5.4 
h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod 
h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=

Reply via email to