Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jwt-go security warning, why aren't all of the packages up to date? #672

Closed
AsafMah opened this issue Jan 6, 2022 · 1 comment
Closed

jwt-go security warning, why aren't all of the packages up to date? #672

AsafMah opened this issue Jan 6, 2022 · 1 comment

Comments

@AsafMah
Copy link

AsafMah commented Jan 6, 2022

I'm trying to solve the security alert for jwt-go:
https://github.com/Azure/azure-kusto-go/security/dependabot/go.sum/github.com%2Fdgrijalva%2Fjwt-go/open

It seems that it was solved here - #645
Which is good, but the problem is that some of the packages in here still depend on an old version of adal:

Specifically, from my usage:

Is there a reason that all of them didn't upgrade to the newest adal?
This was referenced Jan 12, 2022
Merged
Merged
Merged
@jhendrixMSFT
Copy link
Member

Fixed in autorest/v0.11.24 autorest/azure/cli/v0.4.5 autorest/azure/auth/v0.5.11

@killbot99 killbot99 mentioned this issue Mar 24, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AsafMah @jhendrixMSFT