Skip to content

Commit

Permalink
Merge pull request #3132 from target/go-dep-major-updates
Browse files Browse the repository at this point in the history 
go: update dependencies with major-version updates
  • Loading branch information
@mastercactapus
mastercactapus committed Jun 29, 2023
2 parents 0648276 + 9959fbb commit 1f97527
Show file tree
Hide file tree
Showing 8 changed files with 133 additions and 125 deletions.
6 changes: 3 additions & 3 deletions app/cmd.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ import (
"strings"
"time"

toml "github.com/pelletier/go-toml"
"github.com/pelletier/go-toml/v2"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/spf13/viper"
Expand Down Expand Up @@ -354,13 +354,13 @@ Migration: %s (#%d)
return errors.New("config file is required")
}

t, err := toml.LoadFile(file)
data, err := os.ReadFile(file)
if err != nil {
return err
}

var cfg remotemonitor.Config
err = t.Unmarshal(&cfg)
err = toml.Unmarshal(data, &cfg)
if err != nil {
return err
}
Expand Down
10 changes: 2 additions & 8 deletions auth/authlink/store.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import (
"net/url"
"time"

"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/google/uuid"
"github.com/target/goalert/config"
"github.com/target/goalert/keyring"
Expand Down Expand Up @@ -91,17 +91,11 @@ func (s *Store) FindLinkMetadata(ctx context.Context, token string) (*Metadata,

func (s *Store) tokenID(ctx context.Context, token string) (string, error) {
var c jwt.RegisteredClaims
_, err := s.k.VerifyJWT(token, &c)
_, err := s.k.VerifyJWT(token, &c, "goalert", "auth-link")
if err != nil {
return "", validation.WrapError(err)
}

if !c.VerifyIssuer("goalert", true) {
return "", validation.NewGenericError("invalid issuer")
}
if !c.VerifyAudience("auth-link", true) {
return "", validation.NewGenericError("invalid audience")
}
err = validate.UUID("ID", c.ID)
if err != nil {
return "", err
Expand Down
2 changes: 1 addition & 1 deletion auth/github/identityprovider.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
"strings"
"time"

"github.com/google/go-github/v51/github"
"github.com/google/go-github/v53/github"
"github.com/pkg/errors"
"github.com/target/goalert/auth"
"github.com/target/goalert/config"
Expand Down
6 changes: 2 additions & 4 deletions devtools/sendit/readme_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
"strings"
"testing"

"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/target/goalert/devtools/sendit"
Expand All @@ -37,13 +37,11 @@ func TestReadme(t *testing.T) {
var c jwt.RegisteredClaims
tok, err := jwt.ParseWithClaims(token, &c, func(t *jwt.Token) (interface{}, error) {
return []byte(secret), nil
}, jwt.WithValidMethods([]string{"HS256"}))
}, jwt.WithValidMethods([]string{"HS256"}), jwt.WithAudience(sendit.TokenAudienceAuth), jwt.WithIssuer(sendit.TokenIssuer))
require.NoError(t, err, "must be valid jwt")
assert.True(t, tok.Valid, "token must be valid")

assert.Equal(t, "sendit", c.Issuer)
assert.True(t, c.VerifyAudience(sendit.TokenAudienceAuth, true), "must have auth audience")
assert.True(t, c.VerifyIssuer(sendit.TokenIssuer, true), "must have issuer")

// start server
cmd = logCmd(t, "go", "run", "./cmd/sendit-server",
Expand Down
14 changes: 3 additions & 11 deletions devtools/sendit/token.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import (
"encoding/hex"
"time"

"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
)

// Token values
Expand Down Expand Up @@ -38,20 +38,12 @@ func TokenSubject(secret []byte, aud, token string) (string, error) {
return nil, jwt.ErrInvalidKeyType
}
return secret, nil
})
}, jwt.WithAudience(aud), jwt.WithIssuer(TokenIssuer), jwt.WithValidMethods([]string{"HS256"}))
if err != nil {
return "", err
}

claims := tok.Claims.(*jwt.RegisteredClaims)
if !claims.VerifyIssuer(TokenIssuer, true) {
return "", jwt.NewValidationError("invalid issuer", jwt.ValidationErrorIssuer)
}
if !claims.VerifyAudience(aud, true) {
return "", jwt.NewValidationError("invalid audience", jwt.ValidationErrorAudience)
}

return claims.Subject, nil
return tok.Claims.(*jwt.RegisteredClaims).Subject, nil
}

func genID() (string, error) {
Expand Down
59 changes: 30 additions & 29 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ require (
github.com/fatih/color v1.15.0
github.com/felixge/httpsnoop v1.0.3
github.com/fullstorydev/grpcui v1.3.1
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/golang-jwt/jwt/v5 v5.0.0
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
github.com/google/go-github/v51 v51.0.0
github.com/google/go-github/v53 v53.2.0
github.com/google/uuid v1.3.0
github.com/gordonklaus/ineffassign v0.0.0-20230610083614-0e73809eb601
github.com/hashicorp/yamux v0.1.1
Expand All @@ -30,7 +30,7 @@ require (
github.com/mailhog/storage v1.0.1
github.com/matcornic/hermes/v2 v2.1.0
github.com/oauth2-proxy/mockoidc v0.0.0-20220308204021-b9169deeb282
github.com/pelletier/go-toml v1.9.5
github.com/pelletier/go-toml/v2 v2.0.8
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.16.0
github.com/rubenv/sql-migrate v1.5.1
Expand All @@ -41,7 +41,7 @@ require (
github.com/stretchr/testify v1.8.4
github.com/tabbed/pqtype v0.1.1
github.com/ttacon/libphonenumber v1.2.1
github.com/vektah/gqlparser/v2 v2.5.5
github.com/vektah/gqlparser/v2 v2.5.6
golang.org/x/crypto v0.10.0
golang.org/x/oauth2 v0.9.0
golang.org/x/sys v0.9.0
Expand All @@ -55,30 +55,31 @@ require (
)

require (
cloud.google.com/go/compute v1.19.1 // indirect
cloud.google.com/go/compute v1.20.1 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
github.com/BurntSushi/toml v1.3.2 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver v1.5.0 // indirect
github.com/Masterminds/sprig v2.22.0+incompatible // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230331115716-d34776aa93ec // indirect
github.com/PuerkitoBio/goquery v1.8.0 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec // indirect
github.com/PuerkitoBio/goquery v1.8.1 // indirect
github.com/agnivade/levenshtein v1.1.1 // indirect
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
github.com/andybalholm/cascadia v1.3.1 // indirect
github.com/andybalholm/cascadia v1.3.2 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
github.com/bufbuild/protocompile v0.5.1 // indirect
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe // indirect
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f // indirect
github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect
github.com/envoyproxy/go-control-plane v0.11.1 // indirect
github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/fullstorydev/grpcurl v1.8.6 // indirect
github.com/fullstorydev/grpcurl v1.8.7 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
github.com/gofrs/uuid v4.2.0+incompatible // indirect
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
Expand All @@ -89,46 +90,45 @@ require (
github.com/gorilla/mux v1.8.0 // indirect
github.com/gorilla/pat v1.0.1 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/hashicorp/go-hclog v1.4.0 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.3 // indirect
github.com/hashicorp/go-hclog v1.5.0 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.4 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/huandu/xstrings v1.4.0 // indirect
github.com/ian-kent/envconf v0.0.0-20141026121121-c19809918c02 // indirect
github.com/ian-kent/go-log v0.0.0-20160113211217-5731446c36ab // indirect
github.com/ian-kent/goose v0.0.0-20141221090059-c3541ea826ad // indirect
github.com/ian-kent/linkio v0.0.0-20170807205755-97566b872887 // indirect
github.com/imdario/mergo v0.3.13 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
github.com/jackc/pgio v1.0.0 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgproto3/v2 v2.3.2 // indirect
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
github.com/jackc/puddle v1.3.0 // indirect
github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba // indirect
github.com/jhump/protoreflect v1.12.0 // indirect
github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056 // indirect
github.com/jhump/protoreflect v1.15.1 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailhog/MailHog-UI v1.0.1 // indirect
github.com/mailhog/http v1.0.1 // indirect
github.com/mailhog/mhsendmail v0.2.0 // indirect
github.com/mailhog/smtp v1.0.1 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/mattn/go-runewidth v0.0.13 // indirect
github.com/mattn/go-runewidth v0.0.14 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/ogier/pflag v0.0.1 // indirect
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/philhofer/fwd v1.1.1 // indirect
github.com/philhofer/fwd v1.1.2 // indirect
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.3.0 // indirect
github.com/prometheus/common v0.42.0 // indirect
github.com/prometheus/procfs v0.10.1 // indirect
github.com/rivo/uniseg v0.3.4 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.11.0 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/smartystreets/goconvey v1.7.2 // indirect
github.com/spf13/afero v1.9.5 // indirect
Expand All @@ -138,20 +138,21 @@ require (
github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
github.com/subosito/gotenv v1.4.2 // indirect
github.com/t-k/fluent-logger-golang v1.0.0 // indirect
github.com/tinylib/msgp v1.1.6 // indirect
github.com/tinylib/msgp v1.1.8 // indirect
github.com/ttacon/builder v0.0.0-20170518171403-c099f663e1c2 // indirect
github.com/urfave/cli/v2 v2.25.7 // indirect
github.com/vanng822/css v1.0.1 // indirect
github.com/vanng822/go-premailer v1.20.1 // indirect
github.com/vanng822/go-premailer v1.20.2 // indirect
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
golang.org/x/exp/typeparams v0.0.0-20230626212559-97b1e661b5df // indirect
golang.org/x/mod v0.11.0 // indirect
golang.org/x/net v0.11.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/text v0.10.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230525234025-438c736192d0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/genproto v0.0.0-20230626202813-9b080da550b3 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20230626202813-9b080da550b3 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230626202813-9b080da550b3 // indirect
gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
Expand Down
Loading

0 comments on commit 1f97527

Please sign in to comment.