Bump github.com/lestrrat-go/jwx from 1.2.17 to 1.2.25 #1742

Merged

@dependabot dependabot bot commented on behalf of github May 23, 2022

Bumps github.com/lestrrat-go/jwx from 1.2.17 to 1.2.25.

Release notes

Sourced from github.com/lestrrat-go/jwx's releases.

v1.2.25

v1.2.25 23 May 2022
[Bug Fixes][Security]
  * [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding,
    where the unpad operation might remove more bytes than necessary ([#744](https://github.com/lestrrat-go/jwx/issues/744))
    This affects all jwx code that is available before v2.0.2 and v1.2.25.

v1.2.24

v1.2.24 05 May 2022
[Security]
  * Upgrade golang.org/x/crypto ([#724](https://github.com/lestrrat-go/jwx/issues/724))

v1.2.23

v1.2.23 13 Apr 2022
[Bug fixes]
  * [jwk] jwk.AutoRefresh had a race condition when `Configure()` was
    called concurrently ([#686](https://github.com/lestrrat-go/jwx/issues/686))
    (It has been patched correctly, but we may come back to revisit
     the design choices in the near future)

v1.2.22

v1.2.22 08 Apr 2022
[Bug fixes]
  * [jws] jws.Verify was ignoring the `b64` header when it was present
    in the protected headers ([#681](https://github.com/lestrrat-go/jwx/issues/681)). Now the following should work:
  jws.Sign(..., jws.WithDetachedPayload(payload))
  // previously payload had to be base64 encoded
  jws.Verify(..., jws.WithDetachedPayload(payload))

(note: v2 branch was not affected)

v1.2.21

v1.2.21 30 Mar 2022
[Bug fixes]
  * [jwk] RSA keys without p and q can now be parsed.

v1.2.20

v1.2.20 03 Mar 2022

... (truncated)

Changelog

Sourced from github.com/lestrrat-go/jwx's changelog.

v1.2.25 23 May 2022 [Bug Fixes][Security]

  • [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding, where the unpad operation might remove more bytes than necessary (#744) This affects all jwx code that is available before v2.0.2 and v1.2.25.

v1.2.24 05 May 2022 [Security]

  • Upgrade golang.org/x/crypto (#724)

v1.2.23 13 Apr 2022 [Bug fixes]

  • [jwk] jwk.AutoRefresh had a race condition when Configure() was called concurrently (#686) (It has been patched correctly, but we may come back to revisit the design choices in the near future)

v1.2.22 08 Apr 2022 [Bug fixes]

  • [jws] jws.Verify was ignoring the b64 header when it was present in the protected headers (#681). Now the following should work:

    jws.Sign(..., jws.WithDetachedPayload(payload))
    // previously payload had to be base64 encoded
    jws.Verify(..., jws.WithDetachedPayload(payload))

    (note: v2 branch was not affected)

v1.2.21 30 Mar 2022 [Bug fixes]

  • [jwk] RSA keys without p and q can now be parsed.

v1.2.20 03 Mar 2022 [Miscellaneous]

v1.2.19 22 Feb 2022 [New Feature]

  • [jwk] jwk.Parse (and (jwk.AutoRefresh).Configure) can accept a new option jwk.WithIgnoreParseError(bool), which allows users to ignore errors during parsing of each key contained in the JWKS, allowing you to "skip" invalid keys.

    This option should not be used lightly, as it hides the presence of possibly faulty keys. However, this can be an escape hatch if you are faced with a faulty JWKS that you do not control.

v1.2.18 23 Jan 2022

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
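
Added example, not part of this PR or of jwx: the changelog above states that all jwx code before v2.0.2 and v1.2.25 carries the AES-CBC unpadding bug, so this stdlib-only Go check scans go.mod text for jwx requirements older than those releases. The names `fixedIn`, `key` and `Affected` and the sample go.mod are constructed for this illustration; `replace` directives are not resolved.

```go
package main

import (
	"fmt"
	"strings"
)

// Fixed releases as stated in the changelog above, keyed by Go module path.
var fixedIn = map[string]string{
	"github.com/lestrrat-go/jwx":    "v1.2.25",
	"github.com/lestrrat-go/jwx/v2": "v2.0.2",
}

// key turns "v1.2.17" into a zero-padded string that sorts in version order.
// The last field is 0 for pre-release and pseudo-versions ("v1.2.25-0.2022..."),
// which sort before the release itself, and 1 for a tagged release.
func key(v string) (string, error) {
	var a, b, c, rel int
	_, err := fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c)
	if !strings.Contains(v, "-") {
		rel = 1
	}
	return fmt.Sprintf("%06d.%06d.%06d.%d", a, b, c, rel), err
}

// Affected scans go.mod text and returns "module version" for each jwx
// requirement older than its fixed release. A version that cannot be
// parsed is reported too, so the check fails closed.
func Affected(gomod string) (hits []string) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || fixedIn[f[0]] == "" {
			continue
		}
		have, err := key(f[1])
		want, _ := key(fixedIn[f[0]])
		if err != nil || have < want {
			hits = append(hits, f[0]+" "+f[1])
		}
	}
	return hits
}

func main() {
	// Constructed go.mod fragment: v1 at the pre-bump version, v2 already fixed.
	sample := "require (\n\tgithub.com/lestrrat-go/jwx v1.2.17\n\tgithub.com/lestrrat-go/jwx/v2 v2.0.2 // indirect\n)\n"
	fmt.Println(Affected(sample))
}
```

Run against the contents of a real go.mod in CI, a non-empty result is the signal to fail the build until the bump is merged.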

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Go code labels May 23, 2022
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/lestrrat-go/jwx-1.2.25 branch from 8e57288 to ba91b35 Compare July 24, 2022 22:20
Bumps [github.com/lestrrat-go/jwx](https://github.com/lestrrat-go/jwx) from 1.2.17 to 1.2.25.
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/v1.2.25/Changes)
- [Commits](lestrrat-go/jwx@v1.2.17...v1.2.25)

---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/jwx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/lestrrat-go/jwx-1.2.25 branch from ba91b35 to db02514 Compare July 24, 2022 23:34
@deluan deluan merged commit 7d58f44 into master Jul 25, 2022
@deluan deluan deleted the dependabot/go_modules/github.com/lestrrat-go/jwx-1.2.25 branch July 25, 2022 14:08
github-actions bot commented Mar 9, 2023

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 9, 2023