fix(deps): update go-jose to new updated repo due to migration (#630)

* updates go-jose to new updated repo due to migration - updated from /square/go-jose to /go-jose/go-jose - updates to v2.6.3 - addresses CVE-2016-9123 and CVE-2016-9121 - fixes tests that were adjusting for a 1s delay * revert 299>300 in op_test.go
2024-08-27 05:58:50 -04:00 · 2024-08-27 05:58:50 -04:00 · 2308e2f8be
commit 2308e2f8be
parent e8769ce896
32 changed files with 33 additions and 33 deletions
--- a/example/server/storage/storage.go
+++ b/example/server/storage/storage.go
@ -12,7 +12,7 @@ import (
 	"time"
 	"github.com/google/uuid"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"github.com/zitadel/oidc/v2/pkg/op"
--- a/example/server/storage/storage_dynamic.go
+++ b/example/server/storage/storage_dynamic.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"time"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"github.com/zitadel/oidc/v2/pkg/op"
--- a/go.mod
+++ b/go.mod
@ -19,7 +19,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.24.0
 	golang.org/x/oauth2 v0.20.0
 	golang.org/x/text v0.15.0
-	gopkg.in/square/go-jose.v2 v2.6.0
+	gopkg.in/go-jose/go-jose.v2 v2.6.3
 )
 require (
--- a/go.sum
+++ b/go.sum
@ -90,8 +90,8 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
+gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs=
-gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/internal/testutil/token.go
+++ b/internal/testutil/token.go
@ -9,7 +9,7 @@ import (
 	"time"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 // KeySet implements oidc.Keys
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@ -12,7 +12,7 @@ import (
 	"time"
 	"golang.org/x/oauth2"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/crypto"
 	httphelper "github.com/zitadel/oidc/v2/pkg/http"
--- a/pkg/client/profile/jwt_profile.go
+++ b/pkg/client/profile/jwt_profile.go
@ -5,7 +5,7 @@ import (
 	"time"
 	"golang.org/x/oauth2"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/client"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
--- a/pkg/client/rp/jwks.go
+++ b/pkg/client/rp/jwks.go
@ -7,7 +7,7 @@ import (
 	"net/http"
 	"sync"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	httphelper "github.com/zitadel/oidc/v2/pkg/http"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
--- a/pkg/client/rp/relying_party.go
+++ b/pkg/client/rp/relying_party.go
@ -12,7 +12,7 @@ import (
 	"github.com/google/uuid"
 	"golang.org/x/oauth2"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/client"
 	httphelper "github.com/zitadel/oidc/v2/pkg/http"
--- a/pkg/client/rp/verifier.go
+++ b/pkg/client/rp/verifier.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"time"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 )
--- a/pkg/client/rp/verifier_test.go
+++ b/pkg/client/rp/verifier_test.go
@ -9,7 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 	tu "github.com/zitadel/oidc/v2/internal/testutil"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 func TestVerifyTokens(t *testing.T) {
--- a/pkg/crypto/hash.go
+++ b/pkg/crypto/hash.go
@ -8,7 +8,7 @@ import (
 	"fmt"
 	"hash"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 var ErrUnsupportedAlgorithm = errors.New("unsupported signing algorithm")
--- a/pkg/crypto/sign.go
+++ b/pkg/crypto/sign.go
@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"errors"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 func Sign(object any, signer jose.Signer) (string, error) {
--- a/pkg/oidc/keyset.go
+++ b/pkg/oidc/keyset.go
@ -7,7 +7,7 @@ import (
 	"crypto/rsa"
 	"errors"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 const (
--- a/pkg/oidc/keyset_test.go
+++ b/pkg/oidc/keyset_test.go
@ -7,7 +7,7 @@ import (
 	"reflect"
 	"testing"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 func TestFindKey(t *testing.T) {
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@ -6,7 +6,7 @@ import (
 	"time"
 	"golang.org/x/oauth2"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/muhlemmer/gu"
 	"github.com/zitadel/oidc/v2/pkg/crypto"
--- a/pkg/oidc/token_request.go
+++ b/pkg/oidc/token_request.go
@ -5,7 +5,7 @@ import (
 	"fmt"
 	"time"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 const (
--- a/pkg/oidc/token_test.go
+++ b/pkg/oidc/token_test.go
@ -6,7 +6,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/text/language"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 var (
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@ -11,7 +11,7 @@ import (
 	"github.com/gorilla/schema"
 	"github.com/muhlemmer/gu"
 	"golang.org/x/text/language"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 type Audience []string
--- a/pkg/oidc/verifier.go
+++ b/pkg/oidc/verifier.go
@ -10,7 +10,7 @@ import (
 	"strings"
 	"time"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	str "github.com/zitadel/oidc/v2/pkg/strings"
 )
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"net/http"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	httphelper "github.com/zitadel/oidc/v2/pkg/http"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
--- a/pkg/op/discovery_test.go
+++ b/pkg/op/discovery_test.go
@ -9,7 +9,7 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"github.com/zitadel/oidc/v2/pkg/op"
--- a/pkg/op/keys.go
+++ b/pkg/op/keys.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"net/http"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	httphelper "github.com/zitadel/oidc/v2/pkg/http"
 )
--- a/pkg/op/keys_test.go
+++ b/pkg/op/keys_test.go
@ -9,7 +9,7 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"github.com/zitadel/oidc/v2/pkg/op"
--- a/pkg/op/mock/authorizer.mock.impl.go
+++ b/pkg/op/mock/authorizer.mock.impl.go
@ -6,7 +6,7 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/gorilla/schema"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"github.com/zitadel/oidc/v2/pkg/op"
--- a/pkg/op/mock/discovery.mock.go
+++ b/pkg/op/mock/discovery.mock.go
@ -9,7 +9,7 @@ import (
 	reflect "reflect"
 	gomock "github.com/golang/mock/gomock"
-	jose "gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/go-jose/go-jose.v2"
 )
 // MockDiscoverStorage is a mock of DiscoverStorage interface.
--- a/pkg/op/mock/signer.mock.go
+++ b/pkg/op/mock/signer.mock.go
@ -8,7 +8,7 @@ import (
 	reflect "reflect"
 	gomock "github.com/golang/mock/gomock"
-	jose "gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/go-jose/go-jose.v2"
 )
 // MockSigningKey is a mock of SigningKey interface.
--- a/pkg/op/mock/storage.mock.go
+++ b/pkg/op/mock/storage.mock.go
@ -12,7 +12,7 @@ import (
 	gomock "github.com/golang/mock/gomock"
 	oidc "github.com/zitadel/oidc/v2/pkg/oidc"
 	op "github.com/zitadel/oidc/v2/pkg/op"
-	jose "gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/go-jose/go-jose.v2"
 )
 // MockStorage is a mock of Storage interface.
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -12,7 +12,7 @@ import (
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/trace"
 	"golang.org/x/text/language"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	httphelper "github.com/zitadel/oidc/v2/pkg/http"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
--- a/pkg/op/signer.go
+++ b/pkg/op/signer.go
@ -3,7 +3,7 @@ package op
 import (
 	"errors"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 var ErrSignerCreationFailed = errors.New("signer creation failed")
--- a/pkg/op/storage.go
+++ b/pkg/op/storage.go
@ -5,7 +5,7 @@ import (
 	"errors"
 	"time"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 )
--- a/pkg/op/verifier_jwt_profile.go
+++ b/pkg/op/verifier_jwt_profile.go
@ -6,7 +6,7 @@ import (
 	"fmt"
 	"time"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 )