Skip to content

chore(deps): update tidb-dashboard to eliminate vulnerable JWT dependency #10110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
JmPotato wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update tidb-dashboard to eliminate vulnerable JWT dependency #10110

JmPotato wants to merge 1 commit into from
+349 −344

Conversation

@JmPotato
Copy link
Member

@JmPotato JmPotato commented Dec 23, 2025
edited
Loading

What problem does this PR solve?

Issue Number: close #10109.

What is changed and how does it work?

Update tidb-dashboard to [121f017](https://github.com/pingcap/tidb-dashboard/commit/121f017c2150ec1037199e18e5f255aac057d48f) to eliminate vulnerable `golang-jwt/jwt` dependency.

Check List

Tests

  • Unit test
  • Integration test

Release note

None.

@ti-chi-bot ti-chi-bot bot added release-note-none Denotes a PR that doesn't merit a release note. dco-signoff: yes Indicates the PR's author has signed the dco. labels Dec 23, 2025
@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Dec 23, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hundundm for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@JmPotato JmPotato changed the title chore(deps): update tidb-dashboard to eliminate vulnerable JWT depend… chore(deps): update tidb-dashboard to eliminate vulnerable JWT dependency Dec 23, 2025
@ti-chi-bot ti-chi-bot bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Dec 23, 2025
@ti-chi-bot
Copy link
Contributor

ti-chi-bot bot commented Dec 23, 2025

@JmPotato: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-unit-test-next-gen-3 6a292dc link true /test pull-unit-test-next-gen-3
pull-unit-test-next-gen-1 6a292dc link true /test pull-unit-test-next-gen-1
pull-unit-test-next-gen-2 6a292dc link true /test pull-unit-test-next-gen-2

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

rleungx
rleungx reviewed Dec 24, 2025
View reviewed changes
go.mod
golang.org/x/time v0.5.0
golang.org/x/tools v0.38.0
google.golang.org/grpc v1.62.1
google.golang.org/grpc v1.75.1
Copy link
Member

@rleungx rleungx Dec 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it expected?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rleungx rleungx rleungx left review comments

Assignees

No one assigned

Labels

dco-signoff: yes Indicates the PR's author has signed the dco. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Eliminate vulnerable golang-jwt/jwt dependency

2 participants

@JmPotato @rleungx