chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.7 to 1.2.8

[dependabot]

Bumps github.com/lestrrat-go/jwx from 1.2.7 to 1.2.8.

Release notes

Sourced from github.com/lestrrat-go/jwx's releases.

v1.2.8

v1.2.8 21 Oct 2021
[Miscellaneous]
  * `jws.Message`, `jws.Signature`, `jws.Headers` have been reworked
    to allow JSON messages to be verified correctly. The problem can
    be caused when protected headers are serialized one way (perhaps
    `{"c":3","a":1,"b":2}` was used before being base64-encoded) but
    the Go serialization differed from it (Go serializes in alphabetical
    order: `{"a":1,"b":2,"c":3}`)
Messages serialized in compact form do NOT suffer from the
same problem.
This is close to fixes that went in v1.2.2. It boils down to the

fact that once deserialized, the JWS messages lose part of its

information (namely, the raw, original protected header value),

and neither users nor the developers of this library should

rely on it.



Code generation has be refactored. The main go.mod should now
have slightly less dependencies.

Changelog

Sourced from github.com/lestrrat-go/jwx's changelog.

v1.2.8 21 Oct 2021 [Miscellaneous]

• jws.Message, jws.Signature, jws.Headers have been reworked to allow JSON messages to be verified correctly. The problem can be caused when protected headers are serialized one way (perhaps {"c":3","a":1,"b":2} was used before being base64-encoded) but the Go serialization differed from it (Go serializes in alphabetical order: {"a":1,"b":2,"c":3})

  Messages serialized in compact form do NOT suffer from the same problem.

  This is close to fixes that went in v1.2.2. It boils down to the fact that once deserialized, the JWS messages lose part of its information (namely, the raw, original protected header value), and neither users nor the developers of this library should rely on it.

• Code generation has be refactored. The main go.mod should now have slightly less dependencies.

Commits

• f2bdd8c Update Changes
• 27bd213 Refactor internal code generation tools (#488)
• 2dbe11b Bump github.com/goccy/go-json from 0.7.9 to 0.7.10 (#487)
• 3c20a92 [jws] Fix verification for JSON objects (#486)
• 4c29e6c fix WithValidator doc (#481)
• 2dfca56 Bump github.com/goccy/go-json from 0.7.8 to 0.7.9 (#478)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)