iorvd opened a new pull request #715: URL: https://github.com/apache/pulsar-client-go/pull/715
### Motivation 1. `github.com/dgrijalva/jwt-go` contains a known CVE [vulnerability](https://github.com/advisories/GHSA-w73w-5m7g-f7qc) 2. This dependency was replaced with another jwt package. 3. But `oauth2` package version wasn't updated in master, so `github.com/apache/pulsar-client-go` still depends on it at the moment: <img width="568" alt="image" src="https://user-images.githubusercontent.com/93676586/150176886-0aae211e-274d-478a-beaa-57fedb7e99c4.png";> ### Modifications Update the version of `oauth2` to the latest commit to that package ### Verifying this change - [ ] Make sure that the change passes the CI checks. This change is a trivial rework / code cleanup without any test coverage. ``` $ go get github.com/apache/pulsar-client-go/oauth2@fe3b7c4e445b $ cd $(go env GOPATH)/pkg/mod/github.com/apache/pulsar-client-go/[email protected]/ $ go mod why github.com/dgrijalva/jwt-go ``` <img width="752" alt="image" src="https://user-images.githubusercontent.com/93676586/150177986-e1461672-d6fa-4094-87cf-cab2f43eabd1.png";> ### Does this pull request potentially affect one of the following parts: *If `yes` was chosen, please highlight the changes* - Dependencies (does it add or upgrade a dependency): yes, upgrades oauth2 package version to the latest in master - The public API: no - The schema: no - The default values of configurations: no - The wire protocol: no ### Documentation - Does this pull request introduce a new feature? no - If yes, how is the feature documented? not applicable - If a feature is not applicable for documentation, explain why? version update - If a feature is not documented yet in this PR, please create a followup issue for adding the documentation -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
![https://user-images.githubusercontent.com/93676586/150176886-0aae211e-274d-478a-beaa-57fedb7e99c4.png"](https://user-images.githubusercontent.com/93676586/150176886-0aae211e-274d-478a-beaa-57fedb7e99c4.png"){kind=link}
![https://user-images.githubusercontent.com/93676586/150177986-e1461672-d6fa-4094-87cf-cab2f43eabd1.png"](https://user-images.githubusercontent.com/93676586/150177986-e1461672-d6fa-4094-87cf-cab2f43eabd1.png"){kind=link}