Is this a BUG REPORT or FEATURE REQUEST?: BUG REPORT
What happened: github.com/coreos/go-oidc v2.2.1+incompatible should be replaced with a newer version github.com/coreos/go-oidc/v3/oidc (note, the import path changes as well)
What you expected to happen: Get rid of vulnerable gopkg.in/square/go-jose.v2 dependency (which is not going to be updated anymore).
How to reproduce it (as minimally and precisely as possible): see GHSA-c5q2-7r4c-mv6g
Anything else we need to know?: N/A
Environment: N/A
Is this a BUG REPORT or FEATURE REQUEST?: BUG REPORT
What happened:
github.com/coreos/go-oidc v2.2.1+incompatibleshould be replaced with a newer versiongithub.com/coreos/go-oidc/v3/oidc(note, the import path changes as well)What you expected to happen: Get rid of vulnerable
gopkg.in/square/go-jose.v2dependency (which is not going to be updated anymore).How to reproduce it (as minimally and precisely as possible): see GHSA-c5q2-7r4c-mv6g
Anything else we need to know?: N/A
Environment: N/A