Skip to content

Bump github.com/go-jose/go-jose/v4 to v4.1.4#476

Closed
rhafer wants to merge 1 commit intocoreos:v3from
rhafer:bump-go-jose
Closed

Bump github.com/go-jose/go-jose/v4 to v4.1.4#476
rhafer wants to merge 1 commit intocoreos:v3from
rhafer:bump-go-jose

Conversation

@rhafer
Copy link
Copy Markdown

@rhafer rhafer commented Apr 7, 2026

No description provided.

@ericchiang
Copy link
Copy Markdown
Collaborator

ericchiang commented Apr 8, 2026

Hey @rhafer. go-oidc doesn't require any newer features from go-jose, so I don't see a reason to bump the dependency and require all of our consumers do so too. If you want to rely on a newer version of go-jose, it's easy enough to do so in your own project's go.mod.

@ericchiang
Copy link
Copy Markdown
Collaborator

ericchiang commented Apr 8, 2026

Ah, I see https://github.com/coreos/go-oidc/security/dependabot/24. Let me go ahead and use this to configure dependabot for the repo.

@ericchiang
Copy link
Copy Markdown
Collaborator

ericchiang commented Apr 8, 2026

Should be fixed by #479!

@ericchiang ericchiang closed this Apr 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rhafer @ericchiang