Skip to content

[3.5] Bump golang-jwt/jwt to 4.5.1 to address GO-2024-3250 #8831

[3.5] Bump golang-jwt/jwt to 4.5.1 to address GO-2024-3250

[3.5] Bump golang-jwt/jwt to 4.5.1 to address GO-2024-3250 #8831

Workflow file for this run

---
name: Go Vulnerability Checker
on: [push, pull_request]
permissions: read-all
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- id: goversion
run: echo "goversion=$(cat .go-version)" >> "$GITHUB_OUTPUT"
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ steps.goversion.outputs.goversion }}
- run: date
- run: |
set -euo pipefail
go install golang.org/x/vuln/cmd/govulncheck@latest
find . -name go.mod | xargs -I'{}' /bin/bash -c 'echo scanning $(dirname {}); govulncheck -C $(dirname {}) -show verbose ./...'