diff --git a/cmd/clairctl/main.go b/cmd/clairctl/main.go
index 97720e19af..328c444c2e 100644
--- a/cmd/clairctl/main.go
+++ b/cmd/clairctl/main.go
@@ -7,7 +7,7 @@ import (
 "os"
 "runtime/debug"
- "github.com/go-jose/go-jose/v3/jwt"
+ "github.com/go-jose/go-jose/v4/jwt"
 "github.com/quay/clair/config"
 _ "github.com/quay/claircore/updater/defaults"
 "github.com/urfave/cli/v2"
diff --git a/contrib/cmd/quaybackstop/clair.go b/contrib/cmd/quaybackstop/clair.go
index c0caf5c1bd..61987b4ba5 100644
--- a/contrib/cmd/quaybackstop/clair.go
+++ b/contrib/cmd/quaybackstop/clair.go
@@ -21,7 +21,7 @@ import (
 "github.com/quay/clair/v4/cmd"
- "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v4"
 "github.com/jackc/pgx/v5"
 "github.com/jackc/pgx/v5/pgxpool"
 "github.com/quay/clair/config"
diff --git a/contrib/cmd/quaybackstop/main.go b/contrib/cmd/quaybackstop/main.go
index e1a6b3ca0d..10f004125c 100644
--- a/contrib/cmd/quaybackstop/main.go
+++ b/contrib/cmd/quaybackstop/main.go
@@ -34,8 +34,8 @@ import (
 "sync"
 "time"
- "github.com/go-jose/go-jose/v3"
- "github.com/go-jose/go-jose/v3/jwt"
+ "github.com/go-jose/go-jose/v4"
+ "github.com/go-jose/go-jose/v4/jwt"
 "github.com/jackc/pgx/v5/pgxpool"
 "github.com/quay/clair/config"
 )
@@ -291,7 +291,7 @@ func (a *App) NewRequestWithContext(ctx context.Context, method string, url *url
 cl.NotBefore = jwt.NewNumericDate(now.Add(-jwt.DefaultLeeway))
 a.clairTokenResign = now.Add(15 * time.Minute)
 cl.Expiry = jwt.NewNumericDate(a.clairTokenResign)
- tok, err := jwt.Signed(a.jwtSigner).Claims(&cl).CompactSerialize()
+ tok, err := jwt.Signed(a.jwtSigner).Claims(&cl).Serialize()
 if err != nil {
 return nil, fmt.Errorf("jwt construction: %w", err)
 }
diff --git a/go.mod b/go.mod
index cec765cdbf..eaf2b1eca8 100644
--- a/go.mod
+++ b/go.mod
@@ -5,12 +5,12 @@ go 1.25.0
 require (
 github.com/Masterminds/semver v1.5.0
 github.com/evanphx/json-patch/v5 v5.9.11
- github.com/go-jose/go-jose/v3 v3.0.5
+ github.com/go-jose/go-jose/v4 v4.1.4
 github.com/go-stomp/stomp/v3 v3.1.5
 github.com/google/go-cmp v0.7.0
 github.com/google/go-containerregistry v0.21.5
 github.com/google/uuid v1.6.0
- github.com/grafana/pyroscope-go/godeltaprof v0.1.9
+ github.com/grafana/pyroscope-go/godeltaprof v0.1.10
 github.com/jackc/pgx/v5 v5.9.2
 github.com/klauspost/compress v1.18.6
 github.com/prometheus/client_golang v1.23.2
@@ -40,7 +40,7 @@ require (
 go.opentelemetry.io/otel/sdk/metric v1.43.0
 go.opentelemetry.io/otel/trace v1.43.0
 go.yaml.in/yaml/v3 v3.0.4
- golang.org/x/net v0.53.0
+ golang.org/x/net v0.54.0
 golang.org/x/sync v0.20.0
 golang.org/x/time v0.15.0
 google.golang.org/grpc v1.81.0
@@ -91,10 +91,10 @@ require (
 go.opentelemetry.io/proto/otlp v1.10.0 // indirect
 go.uber.org/mock v0.6.0 // indirect
 go.yaml.in/yaml/v2 v2.4.4 // indirect
- golang.org/x/crypto v0.50.0 // indirect
+ golang.org/x/crypto v0.51.0 // indirect
 golang.org/x/mod v0.35.0 // indirect
- golang.org/x/sys v0.43.0 // indirect
- golang.org/x/text v0.36.0 // indirect
+ golang.org/x/sys v0.44.0 // indirect
+ golang.org/x/text v0.37.0 // indirect
 golang.org/x/tools v0.44.0 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect
diff --git a/go.sum b/go.sum
index 2ccf811af4..be62600c55 100644
--- a/go.sum
+++ b/go.sum
@@ -27,8 +27,8 @@ github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjT github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/go-jose/go-jose/v3 v3.0.5 h1:BLLJWbC4nMZOfuPVxoZIxeYsn6Nl2r1fITaJ78UQlVQ= -github.com/go-jose/go-jose/v3 v3.0.5/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -44,7 +44,6 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-containerregistry v0.21.5 h1:KTJG9Pn/jC0VdZR6ctV3/jcN+q6/Iqlx0sTVz3ywZlM= 
@@ -54,8 +53,8 @@ github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/grafana/pyroscope-go/godeltaprof v0.1.9 h1:c1Us8i6eSmkW+Ez05d3co8kasnuOY813tbMN8i/a3Og= -github.com/grafana/pyroscope-go/godeltaprof v0.1.9/go.mod h1:2+l7K7twW49Ct4wFluZD3tZ6e0SjanjcUUBPVD/UuGU= +github.com/grafana/pyroscope-go/godeltaprof v0.1.10 h1:dvhndEbyavTb59vFCd6PsrAG5qi69/qZZtegh/TJKSY= +github.com/grafana/pyroscope-go/godeltaprof v0.1.10/go.mod h1:XnWRGg2XO5uxZdiz1rfeJH6w1eZ+YICCBVXNWOfH86g= github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs= github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= @@ -162,7 +161,6 @@ github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVO github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.68.0 h1:cuXaPAfIoJKsYjBjPSb2nKZEmgM43zVr25l37IxhKME= 
@@ -210,30 +208,20 @@ go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= -golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= +golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= +golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod 
h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= -golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= +golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w= +golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -242,29 +230,15 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= -golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= -golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -272,8 +246,6 @@ golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190924052046-3ac2a5bbd98a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/httptransport/auth_test.go b/httptransport/auth_test.go index af5d5c2e39..4e0adf9cf2 100644 --- a/httptransport/auth_test.go +++ b/httptransport/auth_test.go 
@@ -12,7 +12,7 @@ import (
 "net/http/httptest"
 "testing"
- "github.com/go-jose/go-jose/v3/jwt"
+ "github.com/go-jose/go-jose/v4/jwt"
 "github.com/quay/clair/config"
 "github.com/quay/claircore/test"
@@ -116,7 +116,7 @@ func (tc *authTestcase) Run(ctx context.Context) func(*testing.T) {
 // TestAuth tests configuring both http server and client.
 func TestAuth(t *testing.T) {
- fakeKey := []byte("deadbeef")
+ fakeKey := []byte("deadbeefdeadbeefdeadbeefdeadbeef")
 tt := []authTestcase{
 {Name: "None"},
 {
@@ -153,7 +153,7 @@ func TestAuth(t *testing.T) {
 },
 },
 ShouldFail: true,
- ConfigMod: func(_ *testing.T, cfg *config.Config) { cfg.Auth.PSK.Key = []byte("badbeef") },
+ ConfigMod: func(_ *testing.T, cfg *config.Config) { cfg.Auth.PSK.Key = []byte("badbeefbadbeefbadbeefbadbeefbadb") },
 },
 {
 Name: "PSKFail",
diff --git a/httptransport/common.go b/httptransport/common.go
index 3d5e72106d..5347889c49 100644
--- a/httptransport/common.go
+++ b/httptransport/common.go
@@ -35,8 +35,8 @@ func getDigest(_ http.ResponseWriter, r *http.Request) (d claircore.Digest, err
 // "allow" slice is used.
 //
 // If "Accept" headers are present, the first (ordered by "q" value) media type
-// in the "allow" slice is chosen. If there are no common media types, "415
-// Unsupported Media Type" is written and ErrMediaType is reported.
+// in the "allow" slice is chosen. If there are no common media types,
+// ErrMediaType is reported.
 func pickContentType(w http.ResponseWriter, r *http.Request, allow []string) error {
 // There's no canonical algorithm for this, it's all server-dependent
 // behavior. Our algorithm is:
@@ -84,7 +84,6 @@ func pickContentType(w http.ResponseWriter, r *http.Request, allow []string) err
 }
 }
 }
- w.WriteHeader(http.StatusUnsupportedMediaType)
 return ErrMediaType
 }
diff --git a/httptransport/discoveryhandler_test.go b/httptransport/discoveryhandler_test.go
index ac80b292bc..12153a5970 100644
--- a/httptransport/discoveryhandler_test.go
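Review bot: The lengthened keys in `TestAuth` (`fakeKey`, and the `ConfigMod` key in the `@@ -153,7` hunk) carry no explanation of why they are now 32 bytes, and no visible test pins the behaviour that forced the change. Presumably go-jose v4 rejects HMAC keys shorter than the hash output (RFC 7518 §3.2), in which case 32 bytes only satisfies HS256; a comment such as `// 32 bytes: minimum HMAC key length for HS256 under go-jose v4` would record that. The same applies to the `if sz < 64` clamp added to `Generate` in middleware/auth/httpauth_psk_test.go, where 64 looks like the HS512 minimum. If that reading is right, a deployed PSK shorter than the minimum would now fail to sign or verify, so a negative case asserting that a short `cfg.Auth.PSK.Key` is rejected, plus an upgrade note for operators, would be worth adding. `TestAuth` continues outside both hunks.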
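Review bot: With `w.WriteHeader(http.StatusUnsupportedMediaType)` removed in the `@@ -84,7` hunk, `pickContentType` no longer writes a status on a media-type mismatch, so every caller must now map `ErrMediaType` to a 415 itself. The callers are not part of this diff, and only the discovery handler's response is covered by a test here; a caller that merely returns or logs the error would answer with a default status instead of 415, so each handler that calls `pickContentType` should be checked. The doc comment in the `@@ -35,8` hunk could state the new contract, e.g. `// ErrMediaType is reported; the caller is responsible for writing the error response.` Most of the function body lies outside both hunks, so whether `w` is still used is not visible.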
+++ b/httptransport/discoveryhandler_test.go
@@ -67,5 +67,8 @@ func TestDiscovery(t *testing.T) {
 if got, want := resp.StatusCode, http.StatusUnsupportedMediaType; got != want {
 t.Errorf("got status code: %v want status code: %v", got, want)
 }
+ if got, want := resp.Header.Get("content-type"), "application/json"; got != want {
+ t.Errorf("got content-type: %q, want: %q", got, want)
+ }
 })
 }
diff --git a/initialize/services.go b/initialize/services.go
index 66c21cffa4..1093947ac1 100644
--- a/initialize/services.go
+++ b/initialize/services.go
@@ -10,7 +10,7 @@ import (
 "net/http/cookiejar"
 "time"
- "github.com/go-jose/go-jose/v3/jwt"
+ "github.com/go-jose/go-jose/v4/jwt"
 "github.com/jackc/pgx/v5/pgxpool"
 "github.com/quay/clair/config"
 "github.com/quay/claircore/datastore/postgres"
diff --git a/internal/httputil/signer.go b/internal/httputil/signer.go
index aba15d697e..66bf7a633a 100644
--- a/internal/httputil/signer.go
+++ b/internal/httputil/signer.go
@@ -7,8 +7,8 @@ import (
 "net/url"
 "time"
- "github.com/go-jose/go-jose/v3"
- "github.com/go-jose/go-jose/v3/jwt"
+ "github.com/go-jose/go-jose/v4"
+ "github.com/go-jose/go-jose/v4/jwt"
 "github.com/quay/clair/config"
 )
@@ -103,7 +103,7 @@ func (s *Signer) Sign(ctx context.Context, req *http.Request) error {
 cl.IssuedAt = jwt.NewNumericDate(now)
 cl.NotBefore = jwt.NewNumericDate(now.Add(-jwt.DefaultLeeway))
 cl.Expiry = jwt.NewNumericDate(now.Add(jwt.DefaultLeeway))
- h, err := jwt.Signed(s.signer).Claims(&cl).CompactSerialize()
+ h, err := jwt.Signed(s.signer).Claims(&cl).Serialize()
 if err != nil {
 return err
 }
diff --git a/middleware/auth/httpauth_psk.go b/middleware/auth/httpauth_psk.go
index df8388951b..20ac0beb7d 100644
--- a/middleware/auth/httpauth_psk.go
+++ b/middleware/auth/httpauth_psk.go
@@ -6,7 +6,8 @@ import (
 "net/http"
 "time"
- "github.com/go-jose/go-jose/v3/jwt"
+ "github.com/go-jose/go-jose/v4"
+ "github.com/go-jose/go-jose/v4/jwt"
 )
 // PSK implements the AuthCheck interface.
@@ -33,7 +34,7 @@ func (p *PSK) Check(ctx context.Context, r *http.Request) bool {
 slog.DebugContext(ctx, "failed to retrieve jwt from header")
 return false
 }
- tok, err := jwt.ParseSigned(wt)
+ tok, err := jwt.ParseSigned(wt, []jose.SignatureAlgorithm{jose.HS256, jose.HS384, jose.HS512})
 if err != nil {
 slog.DebugContext(ctx, "failed to parse jwt", "reason", err)
 return false
diff --git a/middleware/auth/httpauth_psk_test.go b/middleware/auth/httpauth_psk_test.go
index 88e0feecf4..b820789313 100644
--- a/middleware/auth/httpauth_psk_test.go
+++ b/middleware/auth/httpauth_psk_test.go
@@ -14,8 +14,8 @@ import (
 "testing/quick"
 "time"
- "github.com/go-jose/go-jose/v3"
- "github.com/go-jose/go-jose/v3/jwt"
+ "github.com/go-jose/go-jose/v4"
+ "github.com/go-jose/go-jose/v4/jwt"
 "github.com/quay/clair/v4/internal/httputil"
 )
@@ -40,6 +40,9 @@ var signAlgo = []jose.SignatureAlgorithm{
 // implements the Generate interface from testing/quick package.
 func (tc *pskTestcase) Generate(rand *rand.Rand, sz int) reflect.Value {
+ if sz < 64 {
+ sz = 64
+ }
 b := make([]byte, sz)
 t := &pskTestcase{
 key: make([]byte, sz),
@@ -111,7 +114,7 @@ func roundtrips(t *testing.T) func(*pskTestcase) bool {
 Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
 IssuedAt: jwt.NewNumericDate(now),
 NotBefore: jwt.NewNumericDate(now),
- }).CompactSerialize()
+ }).Serialize()
 if err != nil {
 t.Error(err)
 return false
diff --git a/notifier/webhook/cmd/webhookd/main.go b/notifier/webhook/cmd/webhookd/main.go
index 7e2e86dfac..e374a2b2eb 100644
--- a/notifier/webhook/cmd/webhookd/main.go
+++ b/notifier/webhook/cmd/webhookd/main.go
@@ -25,8 +25,8 @@ import (
 "strconv"
 "time"
- "github.com/go-jose/go-jose/v3"
- "github.com/go-jose/go-jose/v3/jwt"
+ "github.com/go-jose/go-jose/v4"
+ "github.com/go-jose/go-jose/v4/jwt"
 "github.com/google/uuid"
 "github.com/quay/clair/v4/notifier"
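Review bot: The algorithm allow-list passed to `jwt.ParseSigned` in `Check` is an undocumented inline literal that is rebuilt on every request and likely mirrors `signAlgo` in the test file. Hoisting it to a package-level variable with a comment would make the security intent explicit, e.g. `// pskAlgs limits PSK tokens to HMAC algorithms; asymmetric algorithms and "none" are rejected at parse time.` above `var pskAlgs = []jose.SignatureAlgorithm{jose.HS256, jose.HS384, jose.HS512}`. If the signers in this repository only ever emit one of these algorithms (not visible here), the list could be narrowed to that one. `Check` starts and ends outside the hunk.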
@@ -253,7 +253,7 @@ func (h *Recv) sign(req *http.Request) error {
 cl.IssuedAt = jwt.NewNumericDate(now)
 cl.NotBefore = jwt.NewNumericDate(now.Add(-jwt.DefaultLeeway))
 cl.Expiry = jwt.NewNumericDate(now.Add(jwt.DefaultLeeway))
- tok, err := jwt.Signed(h.Signer).Claims(&cl).CompactSerialize()
+ tok, err := jwt.Signed(h.Signer).Claims(&cl).Serialize()
 if err != nil {
 return err
 }