From 074b9b86a83f67472f09375e56b6c259c88f81f1 Mon Sep 17 00:00:00 2001
From: Stephane Moser
Date: Wed, 4 May 2022 12:27:43 +0100
Subject: [PATCH 1/4] DTL-3188: Migrate from dgrijalva/jwt-go to golang-jwt/jwt
---
 e2e_test/standalone_test.go | 2 +-
 go.mod | 2 +-
 go.sum | 5 ++---
 pkg/adaptors/jwtdecoder/decoder.go | 2 +-
 pkg/adaptors/jwtdecoder/decoder_test.go | 2 +-
 5 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/e2e_test/standalone_test.go b/e2e_test/standalone_test.go
index 39adbe11..78f17cde 100644
--- a/e2e_test/standalone_test.go
+++ b/e2e_test/standalone_test.go
@@ -8,7 +8,7 @@ import (
 "testing"
 "time"
- "github.com/dgrijalva/jwt-go"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/golang/mock/gomock"
 "github.com/pipedrive/kubelogin/e2e_test/idp"
 "github.com/pipedrive/kubelogin/e2e_test/idp/mock_idp"
diff --git a/go.mod b/go.mod
index 3da11e7b..adc38cb1 100644
--- a/go.mod
+++ b/go.mod
@@ -4,8 +4,8 @@ go 1.15
 require (
 github.com/coreos/go-oidc v2.1.0+incompatible
- github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda
 github.com/go-test/deep v1.0.4
+ github.com/golang-jwt/jwt/v4 v4.4.1
 github.com/golang/mock v1.4.4
 github.com/google/wire v0.3.0
 github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027140131-4b9ebd5614fa
diff --git a/go.sum b/go.sum
index b534ca1d..305ab922 100644
--- a/go.sum
+++ b/go.sum
@@ -50,7 +50,6 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda h1:NyywMz59neOoVRFDz+ccfKWxn784fiHMDnZSy6T+JXY=
 github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
@@ -69,6 +68,8 @@ github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho=
 github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415 h1:WSBJMqJbLxsn+bTCPyPYZfqHdJmc8MK4wrBjMft6BAM=
 github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
+github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -165,8 +166,6 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
 github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027125806-fab3a0490fc6 h1:GIuQFKklp88mVnjxhLQ7EtVGS+jNptMS/HIl+WxTY6A=
-github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027125806-fab3a0490fc6/go.mod h1:wBSn3fih/Jyyv0VQ/9jNTz71XokiX1FtJafi6ASXw58=
 github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027140131-4b9ebd5614fa h1:IpdBCU+WUqgbpJR9QPIk/tJd9B57x65C+SaWa0MGGHw=
 github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027140131-4b9ebd5614fa/go.mod h1:wBSn3fih/Jyyv0VQ/9jNTz71XokiX1FtJafi6ASXw58=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
diff --git a/pkg/adaptors/jwtdecoder/decoder.go b/pkg/adaptors/jwtdecoder/decoder.go
index 4f1bebd0..5ecfaf5e 100644
--- a/pkg/adaptors/jwtdecoder/decoder.go
+++ b/pkg/adaptors/jwtdecoder/decoder.go
@@ -8,7 +8,7 @@ import (
 "strings"
 "time"
- "github.com/dgrijalva/jwt-go"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/google/wire"
 "golang.org/x/xerrors"
 )
diff --git a/pkg/adaptors/jwtdecoder/decoder_test.go b/pkg/adaptors/jwtdecoder/decoder_test.go
index a76a45dd..f2258dc0 100644
--- a/pkg/adaptors/jwtdecoder/decoder_test.go
+++ b/pkg/adaptors/jwtdecoder/decoder_test.go
@@ -8,7 +8,7 @@ import (
 "testing"
 "time"
- "github.com/dgrijalva/jwt-go"
+ "github.com/golang-jwt/jwt/v4"
 )
 func TestDecoder_Decode(t *testing.T) {
From e7085551cf2bfb5443aa34442683e4cf6d4bd62a Mon Sep 17 00:00:00 2001
From: Stephane Moser
Date: Thu, 5 May 2022 14:39:13 +0100
Subject: [PATCH 2/4] DTL-3188: lint deprecations
---
 e2e_test/standalone_test.go | 1 +
 pkg/adaptors/jwtdecoder/decoder.go | 2 ++
 pkg/adaptors/jwtdecoder/decoder_test.go | 1 +
 3 files changed, 4 insertions(+)
diff --git a/e2e_test/standalone_test.go b/e2e_test/standalone_test.go
index 78f17cde..e7446609 100644
--- a/e2e_test/standalone_test.go
+++ b/e2e_test/standalone_test.go
@@ -279,6 +279,7 @@ func newIDToken(t *testing.T, issuer, nonce string, expiry time.Time) string {
 Nonce string `json:"nonce"`
 Groups []string `json:"groups"`
 }
+ //nolint
 claims.StandardClaims = jwt.StandardClaims{
 Issuer: issuer,
 Audience: "kubernetes",
diff --git a/pkg/adaptors/jwtdecoder/decoder.go b/pkg/adaptors/jwtdecoder/decoder.go
index 5ecfaf5e..83f18522 100644
--- a/pkg/adaptors/jwtdecoder/decoder.go
+++ b/pkg/adaptors/jwtdecoder/decoder.go
@@ -41,10 +41,12 @@ func (d *Decoder) Decode(s string) (*Claims, error) {
 if len(parts) != 3 {
 return nil, xerrors.Errorf("token contains an invalid number of segments")
 }
+ //nolint
 b, err := jwt.DecodeSegment(parts[1])
 if err != nil {
 return nil, xerrors.Errorf("could not decode the token: %w", err)
 }
+ //nolint
 var claims jwt.StandardClaims
 if err := json.NewDecoder(bytes.NewBuffer(b)).Decode(&claims); err != nil {
 return nil, xerrors.Errorf("could not decode the json of token: %w", err)
diff --git a/pkg/adaptors/jwtdecoder/decoder_test.go b/pkg/adaptors/jwtdecoder/decoder_test.go
index f2258dc0..8d649a0e 100644
--- a/pkg/adaptors/jwtdecoder/decoder_test.go
+++ b/pkg/adaptors/jwtdecoder/decoder_test.go
@@ -47,6 +47,7 @@ func newIDToken(t *testing.T, issuer string, expiry time.Time) string {
 Groups []string `json:"groups"`
 EmailVerified bool `json:"email_verified"`
 }{
+ //nolint
 StandardClaims: jwt.StandardClaims{
 Issuer: issuer,
 Audience: "kubernetes",
From ef6bd6a62cefcae6cddb9184c725ee4eebc32e6c Mon Sep 17 00:00:00 2001
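Review bot: The bare `//nolint` inserted before `b, err := jwt.DecodeSegment(parts[1])` and `var claims jwt.StandardClaims` in decoder.go, and before the `jwt.StandardClaims` literals in standalone_test.go and decoder_test.go, disables every linter on the following line rather than only the deprecation check, so any future finding on those lines is hidden as well. Narrow it and record the reason, e.g. `//nolint:staticcheck // StandardClaims is deprecated in golang-jwt/jwt v4, pending migration to RegisteredClaims`. The deprecation is also worth acting on rather than suppressing: `jwt.RegisteredClaims` decodes `aud` via `ClaimStrings` (string or array) and the time claims via `NumericDate`, whereas `StandardClaims.Audience` is a plain string, so an ID token carrying an array-valued `aud` would presumably fail in the `json.NewDecoder(...).Decode(&claims)` call here; the payload segment itself can be decoded with the standard library's `base64.RawURLEncoding.DecodeString`, which is what the deprecated helper does by default. The `Decode` method starts and ends outside this hunk, so how the decoded claims are copied into the returned `*Claims` is not visible and may need adjusting alongside the type change.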
From: Stephane Moser
Date: Thu, 5 May 2022 14:44:06 +0100
Subject: [PATCH 3/4] DTL-3188: Bump version
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index aa3606e6..3972dc3f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 TARGET := kubelogin
 TARGET_PLUGIN := kubectl-kubelogin
-CIRCLE_TAG ?= v1.15.5-pipedrive
+CIRCLE_TAG ?= v1.16.0-pipedrive
 LDFLAGS := -X main.version=$(CIRCLE_TAG)
 all: $(TARGET)
From 6769cb32bf4e60860c4c9d52b0586a56def7e22c Mon Sep 17 00:00:00 2001
From: Stephane Moser
Date: Thu, 5 May 2022 14:45:59 +0100
Subject: [PATCH 4/4] DTL-3188: Upgrade dependency to fix security issue
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index adc38cb1..1e3407b8 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 gopkg.in/square/go-jose.v2 v2.4.0 // indirect
- gopkg.in/yaml.v2 v2.2.5
+ gopkg.in/yaml.v2 v2.2.8
 k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719
 k8s.io/client-go v0.0.0-20190620085101-78d2af792bab
 k8s.io/klog v0.4.0
diff --git a/go.sum b/go.sum
index 305ab922..39c0bdb5 100644
--- a/go.sum
+++ b/go.sum
@@ -461,8 +461,8 @@ gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5 h1:ymVxjfMaHvXD8RqPRmzHHsB3VvucivSkIAvJFDI5O3c=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=