
Commit a7aed53

chore(deps): bump the go-minor-and-patch group with 70 updates (#3193)
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Miguel Martinez Trivino <miguel@chainloop.dev>
1 parent 0fa79da commit a7aed53

31 files changed

Lines changed: 700 additions & 851 deletions

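--- a/app/artifact-cas/internal/server/grpc.go
+++ b/app/artifact-cas/internal/server/grpc.go
@@ -31,7 +31,7 @@ import (
 "github.com/go-kratos/kratos/v2/errors"
 jwtMiddleware "github.com/go-kratos/kratos/v2/middleware/auth/jwt"
 "github.com/go-kratos/kratos/v2/middleware/selector"
-jwt "github.com/golang-jwt/jwt/v4"
+jwt "github.com/golang-jwt/jwt/v5"
 "github.com/prometheus/client_golang/prometheus"
 "google.golang.org/genproto/googleapis/bytestream"
 
@@ -194,24 +194,14 @@ func verifyAndMarshalJWT(token string, keyFunc jwt.Keyfunc, signingMethod jwt.Si
 
 tokenInfo, err := jwt.ParseWithClaims(token, claims, keyFunc)
 if err != nil {
-var ve *jwt.ValidationError
-if !errors.As(err, &ve) {
-return nil, errors.Unauthorized("UNAUTHORIZED", err.Error())
-}
-
-if ve.Errors&jwt.ValidationErrorMalformed != 0 {
+switch {
+case errors.Is(err, jwt.ErrTokenMalformed):
 return nil, jwtMiddleware.ErrTokenInvalid
-}
-
-if ve.Errors&(jwt.ValidationErrorExpired) != 0 {
-return nil, jwtMiddleware.ErrTokenExpired
-}
-
-if ve.Errors&(jwt.ValidationErrorNotValidYet) != 0 {
+case errors.Is(err, jwt.ErrTokenExpired), errors.Is(err, jwt.ErrTokenNotValidYet):
 return nil, jwtMiddleware.ErrTokenExpired
+default:
+return nil, errors.Unauthorized("UNAUTHORIZED", err.Error())
 }
-
-return nil, err
 }
 
 if !tokenInfo.Valid {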
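Review bot: The `default:` branch in verifyAndMarshalJWT returns `errors.Unauthorized("UNAUTHORIZED", err.Error())`, so every parse failure other than malformed, expired or not-yet-valid now sends the parser's full error text back to the caller. With jwt/v5 that text is a joined chain, so a failing keyFunc or signature check would presumably expose its inner message to an unauthenticated client. I would return a fixed reason and log the detail server-side, e.g. `return nil, errors.Unauthorized("UNAUTHORIZED", "invalid token")`. Not-yet-valid tokens are still reported as `jwtMiddleware.ErrTokenExpired`; a comment such as `// nbf failures are reported as expired, as before the v5 migration` would mark that as deliberate. The function body starts and ends outside the hunk.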

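--- a/app/artifact-cas/internal/server/grpc_test.go
+++ b/app/artifact-cas/internal/server/grpc_test.go
@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2023-2026 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -24,7 +24,7 @@ import (
 
 robotaccount "github.com/chainloop-dev/chainloop/internal/robotaccount/cas"
 jwtMiddleware "github.com/go-kratos/kratos/v2/middleware/auth/jwt"
-jwt "github.com/golang-jwt/jwt/v4"
+jwt "github.com/golang-jwt/jwt/v5"
 "github.com/grpc-ecosystem/go-grpc-middleware/util/metautils"
 "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors"
 "github.com/stretchr/testify/assert"
@@ -126,7 +126,7 @@ func TestJWTAuthFunc(t *testing.T) {
 assert.NoError(t, err)
 // Validate and extract the claims
 claims := infoFromAuth(ctx, t)
-assert.NoError(t, claims.Valid())
+assert.NoError(t, claims.Validate())
 assert.Equal(t, "secret-id", claims.StoredSecretID)
 assert.Equal(t, "backend-type", claims.BackendType)
 assert.Equal(t, robotaccount.Downloader, claims.Role)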
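Review bot: `assert.NoError(t, claims.Validate())` in TestJWTAuthFunc may assert less than the `claims.Valid()` call it replaces. In jwt/v5 a claims type's `Validate()` is the optional custom hook, while the registered-claim checks (exp, nbf, iat) run in the library's validator during parsing; the claims type is defined outside this page, so what its `Validate()` covers cannot be confirmed here. If the test is still meant to check time-based validity of the extracted claims, `assert.NoError(t, jwt.NewValidator().Validate(claims))` would state that explicitly, assuming the claims type satisfies `jwt.Claims`.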

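--- a/app/artifact-cas/internal/server/http.go
+++ b/app/artifact-cas/internal/server/http.go
@@ -29,7 +29,7 @@ import (
 "github.com/go-kratos/kratos/v2/middleware/logging"
 "github.com/go-kratos/kratos/v2/middleware/recovery"
 "github.com/go-kratos/kratos/v2/transport/http"
-"github.com/golang-jwt/jwt/v4"
+"github.com/golang-jwt/jwt/v5"
 )
 
 // NewHTTPServer new a HTTP server.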

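--- a/app/cli/cmd/auth_login.go
+++ b/app/cli/cmd/auth_login.go
@@ -30,7 +30,7 @@ import (
 
 pb "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1"
 "github.com/chainloop-dev/chainloop/internal/oauth"
-jwt "github.com/golang-jwt/jwt/v4"
+jwt "github.com/golang-jwt/jwt/v5"
 "github.com/spf13/cobra"
 "github.com/spf13/viper"
 )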

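--- a/app/cli/internal/token/token.go
+++ b/app/cli/internal/token/token.go
@@ -17,7 +17,7 @@ package token
 
 import (
 v1 "github.com/chainloop-dev/chainloop/pkg/attestation/crafter/api/attestation/v1"
-"github.com/golang-jwt/jwt/v4"
+"github.com/golang-jwt/jwt/v5"
 )
 
 const (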

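--- a/app/cli/internal/token/token_test.go
+++ b/app/cli/internal/token/token_test.go
@@ -55,15 +55,15 @@ func TestParse(t *testing.T) {
 },
 {
 name: "federated github token",
-token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwiYXVkIjoiY2hhaW5sb29wIiwicmVwb3NpdG9yeSI6Im1hdGlhc2luc2F1cnJhbGRlL3Byb2plY3QiLCJzdWIiOiJyZXBvOm1hdGlhc2luc2F1cnJhbGRlL3Byb2plY3Q6cmVmOnJlZnMvaGVhZHMvbWFpbiJ9.signature",
+token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwiYXVkIjoiY2hhaW5sb29wIiwicmVwb3NpdG9yeSI6Im1hdGlhc2luc2F1cnJhbGRlL3Byb2plY3QiLCJzdWIiOiJyZXBvOm1hdGlhc2luc2F1cnJhbGRlL3Byb2plY3Q6cmVmOnJlZnMvaGVhZHMvbWFpbiJ9.c2lnbmF0dXJl",
 want: &ParsedToken{
 ID: "https://token.actions.githubusercontent.com",
 TokenType: v1.Attestation_Auth_AUTH_TYPE_FEDERATED,
 },
 },
 {
 name: "federated token without issuer",
-token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjaGFpbmxvb3AifQ.signature",
+token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjaGFpbmxvb3AifQ.c2lnbmF0dXJl",
 },
 {
 name: "old api token (without orgID)",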
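Review bot: The two federated fixtures in TestParse now end in `.c2lnbmF0dXJl` instead of `.signature`, but no case pins what Parse returns for a token whose third segment is not valid base64url. jwt/v5 decodes the signature segment even on the unverified parse path, so such tokens presumably now fail where v4 accepted them; Parse itself is not visible on this page. A negative table entry such as `name: "federated token with undecodable signature"`, reusing the old `.signature` suffix and expecting the parse to be rejected, would document the stricter behaviour. The table and the test body continue outside the hunk.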

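--- a/app/controlplane/cmd/wire.go
+++ b/app/controlplane/cmd/wire.go
@@ -43,7 +43,7 @@ import (
 "github.com/chainloop-dev/chainloop/pkg/credentials"
 "github.com/chainloop-dev/chainloop/pkg/natsconn"
 "github.com/go-kratos/kratos/v2/log"
-"github.com/golang-jwt/jwt/v4"
+"github.com/golang-jwt/jwt/v5"
 "github.com/google/wire"
 )
 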
4949

app/controlplane/cmd/wire_gen.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

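--- a/app/controlplane/internal/server/grpc.go
+++ b/app/controlplane/internal/server/grpc.go
@@ -36,7 +36,7 @@ import (
 "github.com/chainloop-dev/chainloop/app/controlplane/internal/usercontext"
 "github.com/chainloop-dev/chainloop/pkg/credentials"
 "github.com/getsentry/sentry-go"
-"github.com/golang-jwt/jwt/v4"
+"github.com/golang-jwt/jwt/v5"
 
 "github.com/go-kratos/kratos/v2/errors"
 "github.com/go-kratos/kratos/v2/log"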

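--- a/app/controlplane/internal/server/http.go
+++ b/app/controlplane/internal/server/http.go
@@ -21,7 +21,7 @@ import (
 
 "github.com/chainloop-dev/chainloop/app/controlplane/pkg/jwt/apitoken"
 middlewares_http "github.com/chainloop-dev/chainloop/pkg/middlewares/http"
-"github.com/golang-jwt/jwt/v4"
+"github.com/golang-jwt/jwt/v5"
 
 "buf.build/go/protovalidate"
 v1 "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1"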
