From 2fd849242ae496c2648b4cfaf1b6c250c1b7f85e Mon Sep 17 00:00:00 2001
From: Johannes Koch <johannes.koch@milecrew.com>
Date: Tue, 9 Jul 2024 13:33:32 +0200
Subject: [PATCH 1/2] updated jwt lib to v5.2.1

---
 go.mod                                       | 2 +-
 go.sum                                       | 4 ++--
 vendor/github.com/golang-jwt/jwt/v5/ecdsa.go | 4 ++--
 vendor/github.com/golang-jwt/jwt/v5/hmac.go  | 4 ++--
 vendor/modules.txt                           | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 4f27637ed..b64a3da1f 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 
 require (
 	github.com/algolia/algoliasearch-client-go/v3 v3.26.0
-	github.com/golang-jwt/jwt/v5 v5.2.0
+	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.3.1
 	github.com/gorilla/mux v1.8.0
diff --git a/go.sum b/go.sum
index 7d3e6b02a..7c84129be 100644
--- a/go.sum
+++ b/go.sum
@@ -40,8 +40,8 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
 github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
-github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
 github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
diff --git a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
index ca85659ba..c929e4a02 100644
--- a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
@@ -62,7 +62,7 @@ func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interf
 	case *ecdsa.PublicKey:
 		ecdsaKey = k
 	default:
-		return newError("ECDSA verify expects *ecsda.PublicKey", ErrInvalidKeyType)
+		return newError("ECDSA verify expects *ecdsa.PublicKey", ErrInvalidKeyType)
 	}
 
 	if len(sig) != 2*m.KeySize {
@@ -96,7 +96,7 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte
 	case *ecdsa.PrivateKey:
 		ecdsaKey = k
 	default:
-		return nil, newError("ECDSA sign expects *ecsda.PrivateKey", ErrInvalidKeyType)
+		return nil, newError("ECDSA sign expects *ecdsa.PrivateKey", ErrInvalidKeyType)
 	}
 
 	// Create the hasher
diff --git a/vendor/github.com/golang-jwt/jwt/v5/hmac.go b/vendor/github.com/golang-jwt/jwt/v5/hmac.go
index 96c62722d..aca600ce1 100644
--- a/vendor/github.com/golang-jwt/jwt/v5/hmac.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/hmac.go
@@ -91,7 +91,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa
 func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) {
 	if keyBytes, ok := key.([]byte); ok {
 		if !m.Hash.Available() {
-			return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType)
+			return nil, ErrHashUnavailable
 		}
 
 		hasher := hmac.New(m.Hash.New, keyBytes)
@@ -100,5 +100,5 @@ func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte,
 		return hasher.Sum(nil), nil
 	}
 
-	return nil, ErrInvalidKeyType
+	return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType)
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index c2694dafd..822d141a4 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -56,7 +56,7 @@ github.com/go-openapi/jsonpointer
 # github.com/go-openapi/swag v0.22.3
 ## explicit; go 1.18
 github.com/go-openapi/swag
-# github.com/golang-jwt/jwt/v5 v5.2.0
+# github.com/golang-jwt/jwt/v5 v5.2.1
 ## explicit; go 1.18
 github.com/golang-jwt/jwt/v5
 # github.com/golang/protobuf v1.5.3

From f3ea23a64aec53be38888c8ddb94b117ef3a3bfa Mon Sep 17 00:00:00 2001
From: Johannes Koch <johannes.koch@milecrew.com>
Date: Tue, 9 Jul 2024 13:51:17 +0200
Subject: [PATCH 2/2] updated changelog entry

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfe8a84c5..e8b25d6db 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,7 +26,7 @@ Unreleased changes are available as `coupergateway/couper:edge` container.
 
 * **Dependencies**
   * build with go 1.22 ([#810](https://github.com/coupergateway/couper/pull/810))
-  * upgrade jwt library from v4 to v5 ([#769](https://github.com/coupergateway/couper/issues/769))
+  * upgrade jwt library from v4 to v5 ([#769](https://github.com/coupergateway/couper/issues/769), [#834](https://github.com/coupergateway/couper/pull/834))
 
 ---