tomqwpl

I currently also would like this. Having a year means you can express an individual point in time.

@robfig Any thoughts on merging this?

Yes, we also have the same problem. A naive swap to the form3tech-oss version of this library causes JWT tokens generated by dex not to verify as the Audience field...

As I understand it, and looking at the code, the CVE only affects MapClaims, and not StandardClaims. If you use a StandardClaims and the token has an audience array rather...

Ah, that makes sense. I hadn't spotted that, well I hadn't looked for it to be honest. I did wonder whether it might though, to avoid the incompatibility. So it's...

Perhaps this is best explained by a test case. Note that this test case shows what actually happens now: ``` func TestEscapedURLParams2(t *testing.T) { m := NewRouter() m.Get("/api/{identifier}", func(w http.ResponseWriter,...

Further examples of inconsistency introduced. Again these tests display the observed behaviour. The implementation of url.setPath means that the case in which you URL encode things affects whether the parameter...

In a fork I've created a fix that makes a simple change that appears to produce a consistent result. The existing tests all work, with the exception of the TestEscapedURLParams...

Gorilla mux has an option that says "use encoded path". It does the obvious thing. By default it will parse the unescaped path, as chi normally does. Route parameters are...

Yep, also have this problem, and I'm surprised more don't (I suspect they do, they just don't know it :-))