From 6f1d34ee32f617337e24326198e2445f9ecd1d11 Mon Sep 17 00:00:00 2001
From: catatsuy <catatsuy@catatsuy.org>
Date: Tue, 16 Feb 2021 18:47:42 +0900
Subject: [PATCH] switch to a fork of jwt-go with a fix to CVE-2020-26160

refs: https://github.com/dgrijalva/jwt-go/issues/428
---
 buford/token/token.go | 2 +-
 go.mod                | 2 +-
 go.sum                | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/buford/token/token.go b/buford/token/token.go
index a1d7b70..e92999c 100644
--- a/buford/token/token.go
+++ b/buford/token/token.go
@@ -12,7 +12,7 @@ import (
 	"sync"
 	"time"
 
-	jwt "github.com/dgrijalva/jwt-go"
+	jwt "github.com/form3tech-oss/jwt-go"
 )
 
 const (
diff --git a/go.mod b/go.mod
index e2b002b..54d605d 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.15
 
 require (
 	github.com/client9/reopen v1.0.0
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
+	github.com/form3tech-oss/jwt-go v3.2.2+incompatible
 	github.com/fukata/golang-stats-api-handler v1.0.0
 	github.com/lestrrat-go/server-starter v0.0.0-20210101230921-50cd1900b5bc
 	github.com/pelletier/go-toml v1.8.1
diff --git a/go.sum b/go.sum
index bd1fd3f..8b617e3 100644
--- a/go.sum
+++ b/go.sum
@@ -5,8 +5,8 @@ github.com/client9/reopen v1.0.0/go.mod h1:caXVCEr+lUtoN1FlsRiOWdfQtdRHIYfcb0ai8
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
+github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fukata/golang-stats-api-handler v1.0.0 h1:N6M25vhs1yAvwGBpFY6oBmMOZeJdcWnvA+wej8pKeko=
 github.com/fukata/golang-stats-api-handler v1.0.0/go.mod h1:1sIi4/rHq6s/ednWMZqTmRq3765qTUSs/c3xF6lj8J8=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=