Skip to content

Commit d69a721

Browse files
lestrratdependabot[bot]sding3Nathan Laceyfrestr
authored
v2.0.19 (#1051)
* Bump golang.org/x/crypto from 0.14.0 to 0.15.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0. - [Commits](golang/crypto@v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Run gazelle-update-repos * Add jwe.WithCEK (#1011) * Add jwe.WithCEK * Allow using a static CEK via EncryptStatic * appease linter * Update go.sum * Docs * Update generated options * Add test * clarify when jwk.Set.RemoveKey can return error (#1015) * Remove signer instance upon call to jws.UnregisterSigner (#1017) * Delete signer instance upon call to jws.UnregisterSigner * Update Changes * Tweak documentation (#1018) * Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#1020) * Bump golang.org/x/crypto from 0.15.0 to 0.16.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0. - [Commits](golang/crypto@v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Run bazel and tidy --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com> * Merge pull request from GHSA-7f9x-gw85-8grf * Update Changes * Appease linter * fix deps.bzl * Bump actions/setup-go from 4 to 5 (#1027) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/stale from 8 to 9 (#1029) Bumps [actions/stale](https://github.com/actions/stale) from 8 to 9. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v8...v9) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge #1044 (#1045) * update all dependencies 12/19/2023 * Run gazelle-update-repos --------- Co-authored-by: Nathan Lacey <nlacey@novetta.com> * Update go version in go.mod to go1.18, which matches CI (#1046) * Bump github/codeql-action from 2 to 3 (#1031) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add jws.IsVerificationError (#1049) * Add jws.IsVerificationError * tweak document * Merge pull request from GHSA-pvcr-v8j8-j5q3 * Add tests for empty protected headers * check for sig.protected == nil * Add one more case for missing protected headers in compact form * Update Changes * JWS: Check for sig.protected == nil on non-flattened input --------- Co-authored-by: Fredrik Strupe <fredrik@strupe.net> * Update Changes * fix typo --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Shang Jian Ding <sding3@ncsu.edu> Co-authored-by: Nathan Lacey <nlacey@novetta.com> Co-authored-by: Fredrik Strupe <fredrik@strupe.net>
1 parent e75b7c8 commit d69a721

File tree

31 files changed

+530
-733
lines changed

31 files changed

+530
-733
lines changed

Diff for: .bazelversion

+1-1
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
6.0.0
1+
6.4.0

Diff for: .github/workflows/benchmark.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
restore-keys: |
2525
${{ runner.os }}-go-
2626
- name: Install Go stable version
27-
uses: actions/setup-go@v4
27+
uses: actions/setup-go@v5
2828
with:
2929
go-version: ${{ matrix.go }}
3030
check-latest: true

Diff for: .github/workflows/ci.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ jobs:
2828
${{ runner.os }}-go-
2929
- name: Install Go stable version
3030
if: matrix.go != 'tip'
31-
uses: actions/setup-go@v4
31+
uses: actions/setup-go@v5
3232
with:
3333
go-version: ${{ matrix.go }}
3434
check-latest: true

Diff for: .github/workflows/codeql.yml

+3-3
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ jobs:
4444

4545
# Initializes the CodeQL tools for scanning.
4646
- name: Initialize CodeQL
47-
uses: github/codeql-action/init@v2
47+
uses: github/codeql-action/init@v3
4848
with:
4949
languages: ${{ matrix.language }}
5050
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
5858
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
5959
# If this step fails, then you should remove it and run the build manually (see below)
6060
- name: Autobuild
61-
uses: github/codeql-action/autobuild@v2
61+
uses: github/codeql-action/autobuild@v3
6262

6363
# ℹ️ Command-line programs to run using the OS shell.
6464
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
7171
# ./location_of_script_within_repo/buildscript.sh
7272

7373
- name: Perform CodeQL Analysis
74-
uses: github/codeql-action/analyze@v2
74+
uses: github/codeql-action/analyze@v3
7575
with:
7676
category: "/language:${{matrix.language}}"

Diff for: .github/workflows/lint.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ jobs:
66
runs-on: ubuntu-latest
77
steps:
88
- uses: actions/checkout@v4
9-
- uses: actions/setup-go@v4
9+
- uses: actions/setup-go@v5
1010
with:
1111
go-version: 1.19
1212
check-latest: true

Diff for: .github/workflows/smoke.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ jobs:
3333
restore-keys: |
3434
${{ runner.os }}-go-
3535
- name: Install Go stable version
36-
uses: actions/setup-go@v4
36+
uses: actions/setup-go@v5
3737
with:
3838
go-version: ${{ matrix.go }}
3939
check-latest: true

Diff for: .github/workflows/stale.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ jobs:
77
stale:
88
runs-on: ubuntu-latest
99
steps:
10-
- uses: actions/stale@v8
10+
- uses: actions/stale@v9
1111
with:
1212
stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
1313
stale-pr-message: 'This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 14 days.'

Diff for: Changes

+16
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,22 @@ Changes
44
v2 has many incompatibilities with v1. To see the full list of differences between
55
v1 and v2, please read the Changes-v2.md file (https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes-v2.md)
66

7+
v2.0.19 09 Jan 2023
8+
[New Features]
9+
* [jws] Added jws.IsVerificationError to check if the error returned by `jws.Verify`
10+
was caused by actual verification step or something else, for example, while fetching
11+
a key from datasource
12+
13+
[Security Fixes]
14+
* [jws] JWS messages formated in full JSON format (i.e. not the compact format, which
15+
consists of three base64 strings concatenated with a '.') with missing "protected"
16+
headers could cause a panic, thereby introducing a possiblity of a DoS.
17+
18+
This has been fixed so that the `jws.Parse` function succeeds in parsing a JWS message
19+
lacking a protected header. Calling `jws.Verify` on this same JWS message will result
20+
in a failed verification attempt. Note that this behavior will differ slightly when
21+
parsing JWS messages in compact form, which result in an error.
22+
723
v2.0.18 03 Dec 2023
824
[Security Fixes]
925
* [jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,

Diff for: cmd/jwx/go.mod

+7-7
Original file line numberDiff line numberDiff line change
@@ -3,22 +3,22 @@ module github.com/lestrrat-go/jwx/v2/cmd/jwx
33
go 1.17
44

55
require (
6-
github.com/lestrrat-go/jwx/v2 v2.0.11
7-
github.com/urfave/cli/v2 v2.24.4
8-
golang.org/x/crypto v0.9.0
6+
github.com/lestrrat-go/jwx/v2 v2.0.18
7+
github.com/urfave/cli/v2 v2.26.0
8+
golang.org/x/crypto v0.17.0
99
)
1010

1111
require (
12-
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
12+
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
1313
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
1414
github.com/goccy/go-json v0.10.2 // indirect
15-
github.com/lestrrat-go/blackmagic v1.0.1 // indirect
15+
github.com/lestrrat-go/blackmagic v1.0.2 // indirect
1616
github.com/lestrrat-go/httpcc v1.0.1 // indirect
1717
github.com/lestrrat-go/httprc v1.0.4 // indirect
1818
github.com/lestrrat-go/iter v1.0.2 // indirect
1919
github.com/lestrrat-go/option v1.0.1 // indirect
2020
github.com/russross/blackfriday/v2 v2.1.0 // indirect
2121
github.com/segmentio/asm v1.2.0 // indirect
22-
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
23-
golang.org/x/sys v0.8.0 // indirect
22+
github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e // indirect
23+
golang.org/x/sys v0.15.0 // indirect
2424
)

Diff for: cmd/jwx/go.sum

+18-12
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
1-
github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
2-
github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
1+
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
32
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
3+
github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
4+
github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
45
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
56
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
67
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -9,16 +10,16 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etly
910
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
1011
github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
1112
github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
12-
github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
13-
github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
13+
github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
14+
github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
1415
github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
1516
github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
1617
github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
1718
github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
1819
github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
1920
github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
20-
github.com/lestrrat-go/jwx/v2 v2.0.11 h1:ViHMnaMeaO0qV16RZWBHM7GTrAnX2aFLVKofc7FuKLQ=
21-
github.com/lestrrat-go/jwx/v2 v2.0.11/go.mod h1:ZtPtMFlrfDrH2Y0iwfa3dRFn8VzwBrB+cyrm3IBWdDg=
21+
github.com/lestrrat-go/jwx/v2 v2.0.18 h1:HHZkYS5wWDDyAiNBwztEtDoX07WDhGEdixm8G06R50o=
22+
github.com/lestrrat-go/jwx/v2 v2.0.18/go.mod h1:fAJ+k5eTgKdDqanzCuK6DAt3W7n3cs2/FX7JhQdk83U=
2223
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
2324
github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
2425
github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
@@ -36,15 +37,17 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
3637
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
3738
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
3839
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
39-
github.com/urfave/cli/v2 v2.24.4 h1:0gyJJEBYtCV87zI/x2nZCPyDxD51K6xM8SkwjHFCNEU=
40-
github.com/urfave/cli/v2 v2.24.4/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
41-
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
40+
github.com/urfave/cli/v2 v2.26.0 h1:3f3AMg3HpThFNT4I++TKOejZO8yU55t3JnnSr4S4QEI=
41+
github.com/urfave/cli/v2 v2.26.0/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
4242
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
43+
github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e h1:+SOyEddqYF09QP7vr7CgJ1eti3pY9Fn3LHO1M1r/0sI=
44+
github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
4345
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
4446
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
4547
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
46-
golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
47-
golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
48+
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
49+
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
50+
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
4851
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
4952
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
5053
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -62,17 +65,20 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc
6265
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
6366
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
6467
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
65-
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
6668
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
69+
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
70+
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
6771
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
6872
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
6973
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
7074
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
75+
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
7176
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
7277
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
7378
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
7479
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
7580
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
81+
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
7682
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
7783
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
7884
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=

Diff for: deps.bzl

+2-37
Original file line numberDiff line numberDiff line change
@@ -95,13 +95,6 @@ def go_dependencies():
9595
sum = "h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=",
9696
version = "v1.8.4",
9797
)
98-
go_repository(
99-
name = "com_github_yuin_goldmark",
100-
build_file_proto_mode = "disable_global",
101-
importpath = "github.com/yuin/goldmark",
102-
sum = "h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=",
103-
version = "v1.4.13",
104-
)
10598

10699
go_repository(
107100
name = "in_gopkg_check_v1",
@@ -122,15 +115,8 @@ def go_dependencies():
122115
name = "org_golang_x_crypto",
123116
build_file_proto_mode = "disable_global",
124117
importpath = "golang.org/x/crypto",
125-
sum = "h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=",
126-
version = "v0.16.0",
127-
)
128-
go_repository(
129-
name = "org_golang_x_mod",
130-
build_file_proto_mode = "disable_global",
131-
importpath = "golang.org/x/mod",
132-
sum = "h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=",
133-
version = "v0.8.0",
118+
sum = "h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=",
119+
version = "v0.17.0",
134120
)
135121

136122
go_repository(
@@ -140,13 +126,6 @@ def go_dependencies():
140126
sum = "h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=",
141127
version = "v0.10.0",
142128
)
143-
go_repository(
144-
name = "org_golang_x_sync",
145-
build_file_proto_mode = "disable_global",
146-
importpath = "golang.org/x/sync",
147-
sum = "h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=",
148-
version = "v0.1.0",
149-
)
150129

151130
go_repository(
152131
name = "org_golang_x_sys",
@@ -170,17 +149,3 @@ def go_dependencies():
170149
sum = "h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=",
171150
version = "v0.14.0",
172151
)
173-
go_repository(
174-
name = "org_golang_x_tools",
175-
build_file_proto_mode = "disable_global",
176-
importpath = "golang.org/x/tools",
177-
sum = "h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=",
178-
version = "v0.6.0",
179-
)
180-
go_repository(
181-
name = "org_golang_x_xerrors",
182-
build_file_proto_mode = "disable_global",
183-
importpath = "golang.org/x/xerrors",
184-
sum = "h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=",
185-
version = "v0.0.0-20190717185122-a985d3407aa7",
186-
)

Diff for: examples/go.sum

+2-3
Original file line numberDiff line numberDiff line change
@@ -36,8 +36,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
3636
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
3737
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
3838
golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
39-
golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
40-
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
39+
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
40+
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
4141
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
4242
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
4343
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -74,7 +74,6 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
7474
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
7575
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
7676
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
77-
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
7877
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
7978
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
8079
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=

Diff for: go.mod

+10-2
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/lestrrat-go/jwx/v2
22

3-
go 1.16
3+
go 1.18
44

55
require (
66
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
@@ -11,5 +11,13 @@ require (
1111
github.com/lestrrat-go/option v1.0.1
1212
github.com/segmentio/asm v1.2.0
1313
github.com/stretchr/testify v1.8.4
14-
golang.org/x/crypto v0.16.0
14+
golang.org/x/crypto v0.17.0
15+
)
16+
17+
require (
18+
github.com/davecgh/go-spew v1.1.1 // indirect
19+
github.com/lestrrat-go/httpcc v1.0.1 // indirect
20+
github.com/pmezard/go-difflib v1.0.0 // indirect
21+
golang.org/x/sys v0.15.0 // indirect
22+
gopkg.in/yaml.v3 v3.0.1 // indirect
1523
)

0 commit comments

Comments
 (0)