# flyte-github
## #3368 [Housekeeping] Avoid using archived github.com/dgrijalva/jwt-go

Issue created by hajapy

### Describe the issue

github.com/dgrijalva/jwt-go is archived and has been migrated to https://github.com/golang-jwt/jwt

github.com/dgrijalva/jwt-go 3.2.0 is used in flyteadmin and is vulnerable to CVE-2020-26160, with a HIGH severity score.

I believe this is brought in indirectly via github.com/ory/fosite. It should be possible to eliminate this dependency by updating to github.com/ory/fosite@v0.42.2 (v0.43.0+ appears to have API changes that break the build for flyteadmin).

### What if we do not do this?

I believe this would only affect flyteadmin's built-in authz server, but it could also impact external auth. Not fixing this leaves auth in flyte as potentially vulnerable and continuing to rely upon an archived and no longer supported library.

### Related component(s)

flyteadmin, flytescheduler, flyte single binary

### Are you sure this issue hasn't been raised already?

☑︎ Yes

### Have you read the Code of Conduct?

☑︎ Yes

flyteorg/flyte
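Whether the archived module really arrives through fosite, and whether it is gone after the bump, can be read out of `go mod graph`. The Go sketch below is an added example, not part of the issue or of Flyte's code; the graph text, the `example.com/app` main module and every `-constructed` version are made up for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleGraph is constructed `go mod graph` output ("parent child" per line);
// example.com/app and all "-constructed" versions are placeholders.
const sampleGraph = `example.com/app github.com/ory/fosite@v0.0.0-constructed
example.com/app github.com/golang-jwt/jwt@v0.0.0-constructed
github.com/ory/fosite@v0.0.0-constructed github.com/dgrijalva/jwt-go@v3.2.0+incompatible`

// WhyPulled returns the shortest chain of graph nodes from the main module
// (the parent on the first line) to any version of target, or nil if absent.
func WhyPulled(graph, target string) []string {
	edges, root := map[string][]string{}, ""
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			continue // skip blank or malformed lines
		}
		if root == "" {
			root = f[0]
		}
		edges[f[0]] = append(edges[f[0]], f[1])
	}
	// Breadth-first search, so the first hit is the shortest chain.
	chains := map[string][]string{root: {root}} // chain to each node seen so far
	queue := []string{root}
	for len(queue) > 0 {
		n := queue[0]
		queue = queue[1:]
		if path, _, _ := strings.Cut(n, "@"); path == target {
			return chains[n]
		}
		for _, c := range edges[n] {
			if _, seen := chains[c]; !seen {
				chains[c] = append(append([]string{}, chains[n]...), c)
				queue = append(queue, c)
			}
		}
	}
	return nil
}

func main() {
	fmt.Println(strings.Join(WhyPulled(sampleGraph, "github.com/dgrijalva/jwt-go"), " -> "))
}
```

Against a real checkout, pass in the output of `go mod graph` instead of the sample; a `nil` result for `github.com/dgrijalva/jwt-go` after the upgrade means the module is no longer in the graph.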