From 2e839a6399bc83d104f3e62d80c9f8530bc2f0e0 Mon Sep 17 00:00:00 2001
From: Andres Perez <1676612+andresperezl@users.noreply.github.com>
Date: Fri, 2 Oct 2020 14:08:51 -0400
Subject: [PATCH 1/2] Update jwt-go to v4
---
 examples/martini-example/main.go | 2 +-
 examples/negroni-example/main.go | 2 +-
 go.mod | 2 +-
 go.sum | 6 ++++--
 jwtmiddleware.go | 2 +-
 jwtmiddleware_test.go | 2 +-
 6 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/examples/martini-example/main.go b/examples/martini-example/main.go
index 7c31241..b565477 100644
--- a/examples/martini-example/main.go
+++ b/examples/martini-example/main.go
@@ -5,7 +5,7 @@ import (
 "net/http"
 jwtmiddleware "github.com/auth0/go-jwt-middleware"
- "github.com/dgrijalva/jwt-go"
+ "github.com/dgrijalva/jwt-go/v4"
 "github.com/go-martini/martini"
 )
diff --git a/examples/negroni-example/main.go b/examples/negroni-example/main.go
index 39414cb..51bae19 100644
--- a/examples/negroni-example/main.go
+++ b/examples/negroni-example/main.go
@@ -5,7 +5,7 @@ import (
 "net/http"
 jwtmiddleware "github.com/auth0/go-jwt-middleware"
- "github.com/dgrijalva/jwt-go"
+ "github.com/dgrijalva/jwt-go/v4"
 "github.com/gorilla/mux"
 "github.com/urfave/negroni"
 )
diff --git a/go.mod b/go.mod
index b00b4f4..6c23aca 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.14
 require (
 github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 // indirect
- github.com/dgrijalva/jwt-go v3.2.0+incompatible
+ github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1
 github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 // indirect
 github.com/gorilla/mux v1.7.4
diff --git a/go.sum b/go.sum
index 5e637eb..6e7c9d5 100644
--- a/go.sum
+++ b/go.sum
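Review bot: In the go.mod hunk, the new require line pins `github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1`, a preview tag, for the library this middleware relies on to parse and verify tokens. A preview tag carries no stability promise, and v4 is a new major version, yet the rest of this patch only swaps import paths, so nothing visible here shows that token validation behaves the same as under v3.2.0 (the existing tests may cover it, but that cannot be confirmed from the diff). Either hold the pin until a tagged v4 release exists or record the reason next to the line, for example `// preview tag pinned for <REASON>; revisit when a tagged v4 release exists`.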
@@ -1,7 +1,7 @@ github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 h1:sDMmm+q/3+BukdIpxwO365v/Rbspp2Nt5XntgQRXq8Q= github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= -github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1 h1:CaO/zOnF8VvUfEbhRatPcwKVWamvbYd8tQGRWacE9kU= +github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1/go.mod h1:+hnT3ywWDTAFrW5aE+u2Sa/wT555ZqwoCS+pk3p6ry4= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab h1:xveKWz2iaueeTaUgdetzel+U7exyigDYBryyVfV/rZk= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
@@ -25,3 +25,5 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/jwtmiddleware.go b/jwtmiddleware.go
index 8b01d8e..51362fe 100644
--- a/jwtmiddleware.go
+++ b/jwtmiddleware.go
@@ -8,7 +8,7 @@ import (
 "net/http"
 "strings"
- "github.com/dgrijalva/jwt-go"
+ "github.com/dgrijalva/jwt-go/v4"
 )
 // A function called whenever an error is encountered
diff --git a/jwtmiddleware_test.go b/jwtmiddleware_test.go
index 51698ca..06e1c8b 100644
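Review bot: The import swap in the jwtmiddleware.go hunk changes which package this middleware's `jwt` types come from, and nothing in the package documents that for callers. If the package's exported options or callbacks use types such as `jwt.Token` or `jwt.Keyfunc` (inferred, since the hunk shows only the import block), callers that still import `github.com/dgrijalva/jwt-go` will either stop compiling or keep a second copy of the token library in their build for their own parsing. State the requirement in the package comment, for example `// Callers must import github.com/dgrijalva/jwt-go/v4; jwt types from other import paths are not interchangeable with the ones used here.`, and release the change as a breaking one. The same applies to the jwtmiddleware.go hunk in patch 2/2, with `github.com/form3tech-oss/jwt-go` as the path.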
--- a/jwtmiddleware_test.go
+++ b/jwtmiddleware_test.go
@@ -9,7 +9,7 @@ import (
 "strings"
 "testing"
- "github.com/dgrijalva/jwt-go"
+ "github.com/dgrijalva/jwt-go/v4"
 "github.com/gorilla/mux"
 . "github.com/smartystreets/goconvey/convey"
 "github.com/urfave/negroni"
From fa769b0176a976d01e795ed2357caa59c1314ff4 Mon Sep 17 00:00:00 2001
From: Jon Carl
Date: Wed, 6 Jan 2021 09:16:40 -0700
Subject: [PATCH 2/2] switch from dgrijalva/jwt-go to form3tech-oss/jwt-go
Signed-off-by: Jon Carl
---
 README.md | 6 ++++--
 examples/martini-example/main.go | 2 +-
 examples/negroni-example/main.go | 2 +-
 go.mod | 2 +-
 go.sum | 6 ++----
 jwtmiddleware.go | 2 +-
 jwtmiddleware_test.go | 2 +-
 7 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 155d99a..0b08773 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@ # GO JWT Middleware +**NOTE:** We released this version using a fork of jwt-go in order to address a security vulnerability. Due to jwt-go not being actively maintained we will be looking to switch to a more actively maintained package in the near future. + A middleware that will check that a [JWT](http://jwt.io/) is sent on the `Authorization` header and will then set the content of the JWT into the `user` variable of the request. This module lets you authenticate HTTP requests using JWT tokens in your Go Programming Language applications. JWTs are typically used to protect API endpoints, and are often issued using OpenID Connect.
@@ -28,7 +30,7 @@ import (
 "net/http"
 "github.com/auth0/go-jwt-middleware"
- "github.com/dgrijalva/jwt-go"
+ "github.com/form3tech-oss/jwt-go"
 "context"
 )
@@ -70,7 +72,7 @@ import (
 "github.com/auth0/go-jwt-middleware"
 "github.com/urfave/negroni"
- "github.com/dgrijalva/jwt-go"
+ "github.com/form3tech-oss/jwt-go"
 "github.com/gorilla/mux"
 )
diff --git a/examples/martini-example/main.go b/examples/martini-example/main.go
index b565477..3a76fc1 100644
--- a/examples/martini-example/main.go
+++ b/examples/martini-example/main.go
@@ -5,7 +5,7 @@ import (
 "net/http"
 jwtmiddleware "github.com/auth0/go-jwt-middleware"
- "github.com/dgrijalva/jwt-go/v4"
+ "github.com/form3tech-oss/jwt-go"
 "github.com/go-martini/martini"
 )
diff --git a/examples/negroni-example/main.go b/examples/negroni-example/main.go
index 51bae19..a2640a4 100644
--- a/examples/negroni-example/main.go
+++ b/examples/negroni-example/main.go
@@ -5,7 +5,7 @@ import (
 "net/http"
 jwtmiddleware "github.com/auth0/go-jwt-middleware"
- "github.com/dgrijalva/jwt-go/v4"
+ "github.com/form3tech-oss/jwt-go"
 "github.com/gorilla/mux"
 "github.com/urfave/negroni"
 )
diff --git a/go.mod b/go.mod
index 6c23aca..5ea135e 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.14
 require (
 github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 // indirect
- github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1
+ github.com/form3tech-oss/jwt-go v3.2.2+incompatible
 github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 // indirect
 github.com/gorilla/mux v1.7.4
diff --git a/go.sum b/go.sum
index 6e7c9d5..736f537 100644
--- a/go.sum
+++ b/go.sum
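Review bot: The go.mod hunk moves the token library to the fork `github.com/form3tech-oss/jwt-go v3.2.2+incompatible` without recording which vulnerability the fork is meant to fix. The README note added in this patch gives a security vulnerability as the reason, but neither the commit message nor go.mod names the advisory. Without that reference, a later audit cannot confirm that the pinned fork version contains the fix, nor decide when the fork can be retired. Add a comment on the require line such as `// fork of dgrijalva/jwt-go carrying the fix for <ADVISORY-ID>; replace once a maintained library is adopted`, and put the same reference in the commit message.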
@@ -1,7 +1,7 @@ github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 h1:sDMmm+q/3+BukdIpxwO365v/Rbspp2Nt5XntgQRXq8Q= github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= -github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1 h1:CaO/zOnF8VvUfEbhRatPcwKVWamvbYd8tQGRWacE9kU= -github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1/go.mod h1:+hnT3ywWDTAFrW5aE+u2Sa/wT555ZqwoCS+pk3p6ry4= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab h1:xveKWz2iaueeTaUgdetzel+U7exyigDYBryyVfV/rZk= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
@@ -25,5 +25,3 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/jwtmiddleware.go b/jwtmiddleware.go
index 51362fe..c146b94 100644
--- a/jwtmiddleware.go
+++ b/jwtmiddleware.go
@@ -8,7 +8,7 @@ import (
 "net/http"
 "strings"
- "github.com/dgrijalva/jwt-go/v4"
+ "github.com/form3tech-oss/jwt-go"
 )
 // A function called whenever an error is encountered
diff --git a/jwtmiddleware_test.go b/jwtmiddleware_test.go
index 06e1c8b..cab5cd5 100644
--- a/jwtmiddleware_test.go
+++ b/jwtmiddleware_test.go
@@ -9,7 +9,7 @@ import (
 "strings"
 "testing"
- "github.com/dgrijalva/jwt-go/v4"
+ "github.com/form3tech-oss/jwt-go"
 "github.com/gorilla/mux"
 . "github.com/smartystreets/goconvey/convey"
 "github.com/urfave/negroni"