Skip to content

chore: upgrade go-jose to v4 and update JWT serialization methods#2460

Open
chimanjain wants to merge 8 commits into
quay:mainfrom
chimanjain:upgrade-go-jose
Open

chore: upgrade go-jose to v4 and update JWT serialization methods#2460
chimanjain wants to merge 8 commits into
quay:mainfrom
chimanjain:upgrade-go-jose

Conversation

@chimanjain
Copy link
Copy Markdown
Contributor

@chimanjain chimanjain commented May 18, 2026

chore: upgrade go-jose from v3 to v4 and update JWT serialization methods

@chimanjain chimanjain requested a review from a team as a code owner May 18, 2026 13:21
@chimanjain chimanjain requested review from crozzy and removed request for a team May 18, 2026 13:21
@crozzy
Copy link
Copy Markdown
Collaborator

crozzy commented May 18, 2026
edited
Loading

This is a change that will take more effort on account of v4 enforcing a minimum key length. That means that if anyone has short keys configured in their environments in the wild auth will potentially fail:

{"level":"ERROR","source":"main.main.func3","time":"2026-05-18T10:05:15.476020329-07:00","msg":"error exit","reason":"go-jose/go-jose: invalid key size for algorithm"}

Potential additions:

  • Release notes and commit message should mention this
  • config/auth.go.validate should probably check key length
  • Edit local-dev/clair/config.yaml

@chimanjain
Copy link
Copy Markdown
Contributor Author

chimanjain commented May 19, 2026

This is a change that will take more effort on account of v4 enforcing a minimum key length. That means that if anyone has short keys configured in their environments in the wild auth will potentially fail:

{"level":"ERROR","source":"main.main.func3","time":"2026-05-18T10:05:15.476020329-07:00","msg":"error exit","reason":"go-jose/go-jose: invalid key size for algorithm"}

Potential additions:

  • Release notes and commit message should mention this
  • config/auth.go.validate should probably check key length
  • Edit local-dev/clair/config.yaml

Thanks @crozzy . I'll add additional checks and update UT's. Please review once I commit them

chimanjain added 2 commits May 19, 2026 14:05
@chimanjain
chore: upgrade go-jose to v4 and update JWT serialization methods
0e7a4bb 
Signed-off-by: Chiman Jain <chimanjain15@gmail.com>
@chimanjain
address review comments, add key length check, updates ut's
380b25b 
Signed-off-by: Chiman Jain <chimanjain15@gmail.com>
chimanjain added 6 commits May 19, 2026 14:06
@chimanjain
chore: address review comments, add key length check, updates ut's
ae9cabf 
Signed-off-by: Chiman Jain <chimanjain15@gmail.com>
@chimanjain
Merge branch 'upgrade-go-jose' of https://github.com/chimanjain/clair
342968c 
…into upgrade-go-jose
@chimanjain
chore: Merge branch 'upgrade-go-jose' of https://github.com/chimanjai…
eb81473 
…n/clair into upgrade-go-jose

Signed-off-by: Chiman Jain <chimanjain15@gmail.com>
@chimanjain
Merge branch 'upgrade-go-jose' of https://github.com/chimanjain/clair
998f592 
…into upgrade-go-jose
@chimanjain
chore: upgrade go-jose
723cdf0 
Signed-off-by: Chiman Jain <chimanjain15@gmail.com>
@chimanjain
Merge branch 'upgrade-go-jose' of https://github.com/chimanjain/clair
74ad362 
…into upgrade-go-jose
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crozzy crozzy Awaiting requested review from crozzy crozzy is a code owner automatically assigned from quay/clair

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chimanjain @crozzy