github.com/coreos/go-oidc dependency is outdated and brings an indirect vulnerable dependency

**Is this a BUG REPORT or FEATURE REQUEST?**: BUG REPORT

**What happened**: `github.com/coreos/go-oidc v2.2.1+incompatible` should be replaced with a newer version `github.com/coreos/go-oidc/v3/oidc` (note, the import path changes as well)

**What you expected to happen**: Get rid of vulnerable `gopkg.in/square/go-jose.v2` dependency (which is not going to be updated anymore).

**How to reproduce it (as minimally and precisely as possible)**: see https://github.com/advisories/GHSA-c5q2-7r4c-mv6g

**Anything else we need to know?**: N/A

**Environment**: N/A


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

github.com/coreos/go-oidc dependency is outdated and brings an indirect vulnerable dependency #2488

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

github.com/coreos/go-oidc dependency is outdated and brings an indirect vulnerable dependency #2488

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions