~kobuk-team/ubuntu/+source/golang-github-lestrrat-go-jwx.v2:mantic-23.10
- Get this branch:
-
git clone
-b mantic-23.10
https://git.launchpad.net/~kobuk-team/ubuntu/+source/golang-github-lestrrat-go-jwx.v2
Branch merges
Related source package recipes
Branch information
- Name:
- mantic-23.10
Recent commits
- 1cfeef1... by Hector CAO
-
d/changelog : release mantic
- efacfba... by Hector CAO
-
Add debian folder
- be93b3f... by lestrrat <email address hidden>
-
merge for v2.0.13 (#989)
* Merge pull request from GHSA-rm8v-mxj3-5rmq
### Summary
Decrypting AES-CBC encrypted JWE has Potential Padding Oracle Attack Vulnerability.
### Details
On [v2.0.10](https:/
/github. com/lestrrat- go/jwx/ releases/ tag/v2. 0.10), decrypting AES-CBC encrypted JWE may return an error "failed to generate plaintext from decrypted blocks: invalid padding": ```go
plaintext, err := unpad(buf, c.blockCipher.BlockSize( ))
if err != nil {
return nil, fmt.Errorf(`failed to generate plaintext from decrypted blocks: %w`, err)
}
```Reporting padding error causes [Padding Oracle Attack](https:/
/en.wikipedia. org/wiki/ Padding_ oracle_ attack) Vulnerability.
RFC 7516 JSON Web Encryption (JWE) says that we MUST NOT do this.> 11.5. Timing Attacks
> To mitigate the attacks described in RFC 3218 [RFC3218], the
> recipient MUST NOT distinguish between format, padding, and length
> errors of encrypted keys. It is strongly recommended, in the event
> of receiving an improperly formatted key, that the recipient
> substitute a randomly generated CEK and proceed to the next step, to
> mitigate timing attacks.In addition, the time to remove padding depends on the length of the padding.
It may leak the length of the padding by Timing Attacks.```go
func unpad(buf []byte, n int) ([]byte, error) {
lbuf := len(buf)
rem := lbuf % n// First, `buf` must be a multiple of `n`
if rem != 0 {
return nil, fmt.Errorf("input buffer must be multiple of block size %d", n)
}// Find the last byte, which is the encoded padding
// i.e. 0x1 == 1 byte worth of padding
last := buf[lbuf-1]// This is the number of padding bytes that we expect
expected := int(last)if expected == 0 || /* we _have_ to have padding here. therefore, 0x0 is not an option */
expected > n || /* we also must make sure that we don't go over the block size (n) */
expected > lbuf /* finally, it can't be more than the buffer itself. unlikely, but could happen */ {
return nil, fmt.Errorf(`invalid padding byte at the end of buffer`)
}// start i = 1 because we have already established that expected == int(last) where
// last = buf[lbuf-1].
//
// we also don't check against lbuf-i in range, because we have established expected <= lbuf
for i := 1; i < expected; i++ {
if buf[lbuf-i] != last {
return nil, fmt.Errorf(`invalid padding`)
}
}return buf[:lbuf-
expected] , nil
}
```To mitigate Timing Attacks, it MUST be done in constant time.
### Impact
The authentication tag is verified, so it is not an immediate attack.
Co-authored-by: ICHINOSE Shogo <email address hidden>
* Update Changes
* Bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#938)
* Bump golang.org/x/crypto from 0.9.0 to 0.10.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.9.0 to 0.10.0.
- [Commits](https://github. com/golang/ crypto/ compare/ v0.9.0. ..v0.10. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump github.
com/lestrrat- go/jwx/ v2 from 2.0.8 to 2.0.11 in /cmd/jwx (#942) Bumps [github.
com/lestrrat- go/jwx/ v2](https:/ /github. com/lestrrat- go/jwx) from 2.0.8 to 2.0.11.
- [Release notes](https://github. com/lestrrat- go/jwx/ releases)
- [Changelog](https://github. com/lestrrat- go/jwx/ blob/develop/ v2/Changes)
- [Commits](https://github. com/lestrrat- go/jwx/ compare/ v2.0.8. ..v2.0. 11) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/jwx/ v2
dependency-type: direct:production
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/lestrrat- go/jwx/ v2 from 2.0.8 to 2.0.11 in /examples (#943) Bumps [github.
com/lestrrat- go/jwx/ v2](https:/ /github. com/lestrrat- go/jwx) from 2.0.8 to 2.0.11.
- [Release notes](https://github. com/lestrrat- go/jwx/ releases)
- [Changelog](https://github. com/lestrrat- go/jwx/ blob/develop/ v2/Changes)
- [Commits](https://github. com/lestrrat- go/jwx/ compare/ v2.0.8. ..v2.0. 11) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/jwx/ v2
dependency-type: direct:production
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/lestrrat- go/jwx/ v2 in /bench/performance (#944) Bumps [github.
com/lestrrat- go/jwx/ v2](https:/ /github. com/lestrrat- go/jwx) from 2.0.8 to 2.0.11.
- [Release notes](https://github. com/lestrrat- go/jwx/ releases)
- [Changelog](https://github. com/lestrrat- go/jwx/ blob/develop/ v2/Changes)
- [Commits](https://github. com/lestrrat- go/jwx/ compare/ v2.0.8. ..v2.0. 11) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/jwx/ v2
dependency-type: direct:production
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * remove unnecessarily err checks (#948)
godoc says hash.Hash.Write never returns an error: https:/
/pkg.go. dev/hash# Hash > Write (via the embedded io.Writer interface) adds more data to the running hash.
> It never returns an error.So, we don't need to check errors of Write in Hmac.ComputeAut
hTag. * Adam korcz fix 1 (#949)
* fix panic from empty seed
Signed-off-by: AdamKorcz <email address hidden>
* Add test case
---------
Signed-off-by: AdamKorcz <email address hidden>
Co-authored-by: AdamKorcz <email address hidden>* add size check (#950)
Signed-off-by: AdamKorcz <email address hidden>
* Add test case to #952 (#953)
* Do not ignore custom encrypt and sign options in jwt package
Fixes #951
* Add test case
* Update Changes
---------
Co-authored-by: ItalyPaleAle <email address hidden>
* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#956)
* Bump golang.org/x/crypto from 0.10.0 to 0.11.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.10.0 to 0.11.0.
- [Commits](https://github. com/golang/ crypto/ compare/ v0.10.0. ..v0.11. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* Update bazel repos
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#963)
* Bump golang.org/x/crypto from 0.11.0 to 0.12.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.11.0 to 0.12.0.
- [Commits](https://github. com/golang/ crypto/ compare/ v0.11.0. ..v0.12. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* Run gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Add documentation that explains #959 (#964)
* Add documentation that explains #959
* run genoptions
* Update Changes for v2.0.12
* Add example for using raw JWT (#967)
* Add example for using raw JWT
* typo
* autodoc updates (#968)
Co-authored-by: lestrrat <email address hidden>
* Update jwk iteration (#971)
* autodoc updates (#972)
Co-authored-by: lestrrat <email address hidden>
* Bump actions/checkout from 3 to 4 (#974)
Bumps [actions/checkout](https:/
/github. com/actions/ checkout) from 3 to 4.
- [Release notes](https://github. com/actions/ checkout/ releases)
- [Changelog](https://github. com/actions/ checkout/ blob/main/ CHANGELOG. md)
- [Commits](https://github. com/actions/ checkout/ compare/ v3...v4) ---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Update HWK option documentation (#979)
* Update option documentation
* reinstance CacheOption
* Sample implementation of jwk.Equal (#977)
* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#976)
* Bump golang.org/x/crypto from 0.12.0 to 0.13.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.12.0 to 0.13.0.
- [Commits](https://github. com/golang/ crypto/ compare/ v0.12.0. ..v0.13. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* Run gazelle-
update- repos & make tidy ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump github.
com/lestrrat- go/blackmagic from 1.0.1 to 1.0.2 (#983) * Bump github.
com/lestrrat- go/blackmagic from 1.0.1 to 1.0.2 Bumps [github.
com/lestrrat- go/blackmagic] (https:/ /github. com/lestrrat- go/blackmagic) from 1.0.1 to 1.0.2.
- [Commits](https://github. com/lestrrat- go/blackmagic/ compare/ v1.0.1. ..v1.0. 2) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/blackmagic
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run gazelle-
update- repos * Run make tidy
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* adapt to change in notation
* Upgrade golangci-lint to 1.54.2 (#986)
* Update Changes
---------
Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: AdamKorcz <email address hidden>
Co-authored-by: ICHINOSE Shogo <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: AdamKorcz <email address hidden>
Co-authored-by: AdamKorcz <email address hidden>
Co-authored-by: ItalyPaleAle <email address hidden>
Co-authored-by: github-actions[bot] <41898282+github- actions[ bot]@users. noreply. github. com>
Co-authored-by: lestrrat <email address hidden> - 466c277... by lestrrat <email address hidden>
-
Merge for v2.0.12 (#965)
* Merge pull request from GHSA-rm8v-mxj3-5rmq
### Summary
Decrypting AES-CBC encrypted JWE has Potential Padding Oracle Attack Vulnerability.
### Details
On [v2.0.10](https:/
/github. com/lestrrat- go/jwx/ releases/ tag/v2. 0.10), decrypting AES-CBC encrypted JWE may return an error "failed to generate plaintext from decrypted blocks: invalid padding": ```go
plaintext, err := unpad(buf, c.blockCipher.BlockSize( ))
if err != nil {
return nil, fmt.Errorf(`failed to generate plaintext from decrypted blocks: %w`, err)
}
```Reporting padding error causes [Padding Oracle Attack](https:/
/en.wikipedia. org/wiki/ Padding_ oracle_ attack) Vulnerability.
RFC 7516 JSON Web Encryption (JWE) says that we MUST NOT do this.> 11.5. Timing Attacks
> To mitigate the attacks described in RFC 3218 [RFC3218], the
> recipient MUST NOT distinguish between format, padding, and length
> errors of encrypted keys. It is strongly recommended, in the event
> of receiving an improperly formatted key, that the recipient
> substitute a randomly generated CEK and proceed to the next step, to
> mitigate timing attacks.In addition, the time to remove padding depends on the length of the padding.
It may leak the length of the padding by Timing Attacks.```go
func unpad(buf []byte, n int) ([]byte, error) {
lbuf := len(buf)
rem := lbuf % n// First, `buf` must be a multiple of `n`
if rem != 0 {
return nil, fmt.Errorf("input buffer must be multiple of block size %d", n)
}// Find the last byte, which is the encoded padding
// i.e. 0x1 == 1 byte worth of padding
last := buf[lbuf-1]// This is the number of padding bytes that we expect
expected := int(last)if expected == 0 || /* we _have_ to have padding here. therefore, 0x0 is not an option */
expected > n || /* we also must make sure that we don't go over the block size (n) */
expected > lbuf /* finally, it can't be more than the buffer itself. unlikely, but could happen */ {
return nil, fmt.Errorf(`invalid padding byte at the end of buffer`)
}// start i = 1 because we have already established that expected == int(last) where
// last = buf[lbuf-1].
//
// we also don't check against lbuf-i in range, because we have established expected <= lbuf
for i := 1; i < expected; i++ {
if buf[lbuf-i] != last {
return nil, fmt.Errorf(`invalid padding`)
}
}return buf[:lbuf-
expected] , nil
}
```To mitigate Timing Attacks, it MUST be done in constant time.
### Impact
The authentication tag is verified, so it is not an immediate attack.
Co-authored-by: ICHINOSE Shogo <email address hidden>
* Update Changes
* Bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#938)
* Bump golang.org/x/crypto from 0.9.0 to 0.10.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.9.0 to 0.10.0.
- [Commits](https://github. com/golang/ crypto/ compare/ v0.9.0. ..v0.10. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump github.
com/lestrrat- go/jwx/ v2 from 2.0.8 to 2.0.11 in /cmd/jwx (#942) Bumps [github.
com/lestrrat- go/jwx/ v2](https:/ /github. com/lestrrat- go/jwx) from 2.0.8 to 2.0.11.
- [Release notes](https://github. com/lestrrat- go/jwx/ releases)
- [Changelog](https://github. com/lestrrat- go/jwx/ blob/develop/ v2/Changes)
- [Commits](https://github. com/lestrrat- go/jwx/ compare/ v2.0.8. ..v2.0. 11) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/jwx/ v2
dependency-type: direct:production
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/lestrrat- go/jwx/ v2 from 2.0.8 to 2.0.11 in /examples (#943) Bumps [github.
com/lestrrat- go/jwx/ v2](https:/ /github. com/lestrrat- go/jwx) from 2.0.8 to 2.0.11.
- [Release notes](https://github. com/lestrrat- go/jwx/ releases)
- [Changelog](https://github. com/lestrrat- go/jwx/ blob/develop/ v2/Changes)
- [Commits](https://github. com/lestrrat- go/jwx/ compare/ v2.0.8. ..v2.0. 11) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/jwx/ v2
dependency-type: direct:production
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/lestrrat- go/jwx/ v2 in /bench/performance (#944) Bumps [github.
com/lestrrat- go/jwx/ v2](https:/ /github. com/lestrrat- go/jwx) from 2.0.8 to 2.0.11.
- [Release notes](https://github. com/lestrrat- go/jwx/ releases)
- [Changelog](https://github. com/lestrrat- go/jwx/ blob/develop/ v2/Changes)
- [Commits](https://github. com/lestrrat- go/jwx/ compare/ v2.0.8. ..v2.0. 11) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/jwx/ v2
dependency-type: direct:production
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * remove unnecessarily err checks (#948)
godoc says hash.Hash.Write never returns an error: https:/
/pkg.go. dev/hash# Hash > Write (via the embedded io.Writer interface) adds more data to the running hash.
> It never returns an error.So, we don't need to check errors of Write in Hmac.ComputeAut
hTag. * Adam korcz fix 1 (#949)
* fix panic from empty seed
Signed-off-by: AdamKorcz <email address hidden>
* Add test case
---------
Signed-off-by: AdamKorcz <email address hidden>
Co-authored-by: AdamKorcz <email address hidden>* add size check (#950)
Signed-off-by: AdamKorcz <email address hidden>
* Add test case to #952 (#953)
* Do not ignore custom encrypt and sign options in jwt package
Fixes #951
* Add test case
* Update Changes
---------
Co-authored-by: ItalyPaleAle <email address hidden>
* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#956)
* Bump golang.org/x/crypto from 0.10.0 to 0.11.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.10.0 to 0.11.0.
- [Commits](https://github. com/golang/ crypto/ compare/ v0.10.0. ..v0.11. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* Update bazel repos
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#963)
* Bump golang.org/x/crypto from 0.11.0 to 0.12.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.11.0 to 0.12.0.
- [Commits](https://github. com/golang/ crypto/ compare/ v0.11.0. ..v0.12. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* Run gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Add documentation that explains #959 (#964)
* Add documentation that explains #959
* run genoptions
* Update Changes for v2.0.12
---------
Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: AdamKorcz <email address hidden>
Co-authored-by: ICHINOSE Shogo <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: AdamKorcz <email address hidden>
Co-authored-by: AdamKorcz <email address hidden>
Co-authored-by: ItalyPaleAle <email address hidden> - 6c41e38... by lestrrat <email address hidden>
-
merge for v2 (#939)
* Merge pull request from GHSA-rm8v-mxj3-5rmq
### Summary
Decrypting AES-CBC encrypted JWE has Potential Padding Oracle Attack Vulnerability.
### Details
On [v2.0.10](https:/
/github. com/lestrrat- go/jwx/ releases/ tag/v2. 0.10), decrypting AES-CBC encrypted JWE may return an error "failed to generate plaintext from decrypted blocks: invalid padding": ```go
plaintext, err := unpad(buf, c.blockCipher.BlockSize( ))
if err != nil {
return nil, fmt.Errorf(`failed to generate plaintext from decrypted blocks: %w`, err)
}
```Reporting padding error causes [Padding Oracle Attack](https:/
/en.wikipedia. org/wiki/ Padding_ oracle_ attack) Vulnerability.
RFC 7516 JSON Web Encryption (JWE) says that we MUST NOT do this.> 11.5. Timing Attacks
> To mitigate the attacks described in RFC 3218 [RFC3218], the
> recipient MUST NOT distinguish between format, padding, and length
> errors of encrypted keys. It is strongly recommended, in the event
> of receiving an improperly formatted key, that the recipient
> substitute a randomly generated CEK and proceed to the next step, to
> mitigate timing attacks.In addition, the time to remove padding depends on the length of the padding.
It may leak the length of the padding by Timing Attacks.```go
func unpad(buf []byte, n int) ([]byte, error) {
lbuf := len(buf)
rem := lbuf % n// First, `buf` must be a multiple of `n`
if rem != 0 {
return nil, fmt.Errorf("input buffer must be multiple of block size %d", n)
}// Find the last byte, which is the encoded padding
// i.e. 0x1 == 1 byte worth of padding
last := buf[lbuf-1]// This is the number of padding bytes that we expect
expected := int(last)if expected == 0 || /* we _have_ to have padding here. therefore, 0x0 is not an option */
expected > n || /* we also must make sure that we don't go over the block size (n) */
expected > lbuf /* finally, it can't be more than the buffer itself. unlikely, but could happen */ {
return nil, fmt.Errorf(`invalid padding byte at the end of buffer`)
}// start i = 1 because we have already established that expected == int(last) where
// last = buf[lbuf-1].
//
// we also don't check against lbuf-i in range, because we have established expected <= lbuf
for i := 1; i < expected; i++ {
if buf[lbuf-i] != last {
return nil, fmt.Errorf(`invalid padding`)
}
}return buf[:lbuf-
expected] , nil
}
```To mitigate Timing Attacks, it MUST be done in constant time.
### Impact
The authentication tag is verified, so it is not an immediate attack.
Co-authored-by: ICHINOSE Shogo <email address hidden>
* Update Changes
---------
Co-authored-by: ICHINOSE Shogo <email address hidden>
- 8840ffd... by lestrrat <email address hidden>
-
merge for v2.0.10 (#932)
* Update deps
* Protect jws.Verify() and jwe.Encrypt() from panic on go1.19+ (#841)
* Protect jws.Verify() from panic on go1.19+
* Same problem, but in jwe
* Update Changes
* fix example (#843)
I have a feeling we inadvertently reverted some commit
* Action updates, doc tweaks (#844)
* Use tparse (#845)
* Use tparse
* s/all/alltags/
* fix typo (#846)
* fix typo (#847)
* Bump kentaro-
m/auto- assign- action from 1.2.0 to 1.2.4 (#848) Bumps [kentaro-
m/auto- assign- action] (https:/ /github. com/kentaro- m/auto- assign- action) from 1.2.0 to 1.2.4.
- [Release notes](https://github. com/kentaro- m/auto- assign- action/ releases)
- [Commits](https://github. com/kentaro- m/auto- assign- action/ compare/ v1.2.0. ..v1.2. 4) ---
updated-dependencies:
- dependency-name: kentaro-m/auto- assign- action
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump codecov/
codecov- action from 1 to 3 (#849) Bumps [codecov/
codecov- action] (https:/ /github. com/codecov/ codecov- action) from 1 to 3.
- [Release notes](https://github. com/codecov/ codecov- action/ releases)
- [Changelog](https://github. com/codecov/ codecov- action/ blob/main/ CHANGELOG. md)
- [Commits](https://github. com/codecov/ codecov- action/ compare/ v1...v3) ---
updated-dependencies:
- dependency-name: codecov/codecov- action
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Work with invalid JWT buffers better (#851)
* Work with invalid JWT buffers better
* spelling
* Update Changes
* typo
* Tweak Changes
* Update Changes
* Bump github.
com/goccy/ go-json from 0.9.11 to 0.10.0 (#855) Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.9.11 to 0.10.0.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.9.11. ..v0.10. 0) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/lestrrat- go/option from 1.0.0 to 1.0.1 (#858) Bumps [github.
com/lestrrat- go/option] (https:/ /github. com/lestrrat- go/option) from 1.0.0 to 1.0.1.
- [Release notes](https://github. com/lestrrat- go/option/ releases)
- [Commits](https://github. com/lestrrat- go/option/ compare/ v1.0.0. ..v1.0. 1) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/option
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump actions/stale from 6 to 7 (#859)
Bumps [actions/stale](https:/
/github. com/actions/ stale) from 6 to 7.
- [Release notes](https://github. com/actions/ stale/releases)
- [Changelog](https://github. com/actions/ stale/blob/ main/CHANGELOG. md)
- [Commits](https://github. com/actions/ stale/compare/ v6...v7) ---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Tweak v2 tests (#863)
* Port changes from #862
* Actually report errors
* fix expected result
* Unbeknownst to me, benchstat seems to have changed
* Update Contribution Guidelines
* Fix generated header file comments (#867)
The generated file header should match regexp:
^// Code generated .* DO NOT EDIT\.$See https:/
/golang. org/s/generated code. * Remove unused variables in ReadFile (#866)
* Bump kentaro-
m/auto- assign- action from 1.2.4 to 1.2.5 (#868) Bumps [kentaro-
m/auto- assign- action] (https:/ /github. com/kentaro- m/auto- assign- action) from 1.2.4 to 1.2.5.
- [Release notes](https://github. com/kentaro- m/auto- assign- action/ releases)
- [Commits](https://github. com/kentaro- m/auto- assign- action/ compare/ v1.2.4. ..v1.2. 5) ---
updated-dependencies:
- dependency-name: kentaro-m/auto- assign- action
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Update tool deps (#869)
* Try updating tools for genjwt
* Update genjws
* Update genjwe
* Update genjwk
* Update genjwa
* Update genjwk
* Updage genoptions
* Update genreadfile
* Fix PEM armor for EC private keys when encoding (#876)
* Incorporate #875
* Test PEM roundtrip for other key types
* Use more constants
* Bump golang.org/x/crypto from 0.0.0-202204271
72511-eb4f295cb 31f to 0.6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-202204271
72511-eb4f295cb 31f to 0.6.0 Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.0.0-202204271 72511-eb4f295cb 31f to 0.6.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ commits/ v0.6.0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run appropriate `go get` and `go mod tidy` all over
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump github.
com/stretchr/ testify from 1.8.1 to 1.8.2 (#873) * Bump github.
com/stretchr/ testify from 1.8.1 to 1.8.2 Bumps [github.
com/stretchr/ testify] (https:/ /github. com/stretchr/ testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github. com/stretchr/ testify/ releases)
- [Commits](https://github. com/stretchr/ testify/ compare/ v1.8.1. ..v1.8. 2) ---
updated-dependencies:
- dependency-name: github.com/stretchr/ testify
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* run appropriate `go get` and `go mod tidy` all over
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Update Changes
* Create codeql.yml
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877)
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ compare/ v0.6.0. ..v0.7. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run go get and make tidy
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Add bazel support (#880)
* Attempt to enable bazel
* enable bazel building in smoke tests too
* tweak order
* Add explicit imports
* Add deps.bzl
* remove unused file reference
* Add missing BUILD file
* Add missing BUILD file
* add missing BUILD.bazel files
* add .bazelversion
* Add aspect presets
* Update Changes/README
* Create an auto-merge action for dependabot (#884)
* Create an auto-merge action for dependabot
* approve and merge
* indent
* Bump github.
com/goccy/ go-json from 0.10.0 to 0.10.1 (#882) * Bump github.
com/goccy/ go-json from 0.10.0 to 0.10.1 Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.10.0 to 0.10.1.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.10.0. ..v0.10. 1) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run make tidy + bazel gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Fix jwk cache docs (#885)
* Fix example comment
* Upon re-reading, this sentence does not need to exist
* autodoc updates (#886)
Co-authored-by: lestrrat <email address hidden>
* Bump actions/setup-go from 3 to 4 (#887)
Bumps [actions/setup-go](https:/
/github. com/actions/ setup-go) from 3 to 4.
- [Release notes](https://github. com/actions/ setup-go/ releases)
- [Commits](https://github. com/actions/ setup-go/ compare/ v3...v4) ---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Allow "none" algorithm when signing with explicit option (#890)
* Add test case for #888
* Catch the use of "none" when used in conjunction with jws.WithKey
* first pass implementing (jwt/jws).Sign that allows alg="none"
* regenerate jwt options
* appease linter
* Check for jws.Sign/Verify
* OK to _sign_ using `none`, but no verification
* Tweak Changes
* typo (#893)
* Bump github.
com/goccy/ go-json from 0.10.1 to 0.10.2 (#892) * Bump github.
com/goccy/ go-json from 0.10.1 to 0.10.2 Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.10.1 to 0.10.2.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.10.1. ..v0.10. 2) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run make tidy + bazel
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Update Changes
* Bump github.
com/goccy/ go-json from 0.9.11 to 0.10.0 (#855) Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.9.11 to 0.10.0.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.9.11. ..v0.10. 0) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/lestrrat- go/option from 1.0.0 to 1.0.1 (#858) Bumps [github.
com/lestrrat- go/option] (https:/ /github. com/lestrrat- go/option) from 1.0.0 to 1.0.1.
- [Release notes](https://github. com/lestrrat- go/option/ releases)
- [Commits](https://github. com/lestrrat- go/option/ compare/ v1.0.0. ..v1.0. 1) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/option
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump actions/stale from 6 to 7 (#859)
Bumps [actions/stale](https:/
/github. com/actions/ stale) from 6 to 7.
- [Release notes](https://github. com/actions/ stale/releases)
- [Changelog](https://github. com/actions/ stale/blob/ main/CHANGELOG. md)
- [Commits](https://github. com/actions/ stale/compare/ v6...v7) ---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Tweak v2 tests (#863)
* Port changes from #862
* Actually report errors
* fix expected result
* Unbeknownst to me, benchstat seems to have changed
* Update Contribution Guidelines
* Fix generated header file comments (#867)
The generated file header should match regexp:
^// Code generated .* DO NOT EDIT\.$See https:/
/golang. org/s/generated code. * Remove unused variables in ReadFile (#866)
* Bump kentaro-
m/auto- assign- action from 1.2.4 to 1.2.5 (#868) Bumps [kentaro-
m/auto- assign- action] (https:/ /github. com/kentaro- m/auto- assign- action) from 1.2.4 to 1.2.5.
- [Release notes](https://github. com/kentaro- m/auto- assign- action/ releases)
- [Commits](https://github. com/kentaro- m/auto- assign- action/ compare/ v1.2.4. ..v1.2. 5) ---
updated-dependencies:
- dependency-name: kentaro-m/auto- assign- action
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Update tool deps (#869)
* Try updating tools for genjwt
* Update genjws
* Update genjwe
* Update genjwk
* Update genjwa
* Update genjwk
* Updage genoptions
* Update genreadfile
* Fix PEM armor for EC private keys when encoding (#876)
* Incorporate #875
* Test PEM roundtrip for other key types
* Use more constants
* Bump golang.org/x/crypto from 0.0.0-202204271
72511-eb4f295cb 31f to 0.6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-202204271
72511-eb4f295cb 31f to 0.6.0 Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.0.0-202204271 72511-eb4f295cb 31f to 0.6.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ commits/ v0.6.0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run appropriate `go get` and `go mod tidy` all over
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump github.
com/stretchr/ testify from 1.8.1 to 1.8.2 (#873) * Bump github.
com/stretchr/ testify from 1.8.1 to 1.8.2 Bumps [github.
com/stretchr/ testify] (https:/ /github. com/stretchr/ testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github. com/stretchr/ testify/ releases)
- [Commits](https://github. com/stretchr/ testify/ compare/ v1.8.1. ..v1.8. 2) ---
updated-dependencies:
- dependency-name: github.com/stretchr/ testify
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* run appropriate `go get` and `go mod tidy` all over
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Update Changes
* Create codeql.yml
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877)
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ compare/ v0.6.0. ..v0.7. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run go get and make tidy
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Add bazel support (#880)
* Attempt to enable bazel
* enable bazel building in smoke tests too
* tweak order
* Add explicit imports
* Add deps.bzl
* remove unused file reference
* Add missing BUILD file
* Add missing BUILD file
* add missing BUILD.bazel files
* add .bazelversion
* Add aspect presets
* Update Changes/README
* Create an auto-merge action for dependabot (#884)
* Create an auto-merge action for dependabot
* approve and merge
* indent
* Bump github.
com/goccy/ go-json from 0.10.0 to 0.10.1 (#882) * Bump github.
com/goccy/ go-json from 0.10.0 to 0.10.1 Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.10.0 to 0.10.1.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.10.0. ..v0.10. 1) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run make tidy + bazel gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Fix jwk cache docs (#885)
* Fix example comment
* Upon re-reading, this sentence does not need to exist
* autodoc updates (#886)
Co-authored-by: lestrrat <email address hidden>
* Bump actions/setup-go from 3 to 4 (#887)
Bumps [actions/setup-go](https:/
/github. com/actions/ setup-go) from 3 to 4.
- [Release notes](https://github. com/actions/ setup-go/ releases)
- [Commits](https://github. com/actions/ setup-go/ compare/ v3...v4) ---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Allow "none" algorithm when signing with explicit option (#890)
* Add test case for #888
* Catch the use of "none" when used in conjunction with jws.WithKey
* first pass implementing (jwt/jws).Sign that allows alg="none"
* regenerate jwt options
* appease linter
* Check for jws.Sign/Verify
* OK to _sign_ using `none`, but no verification
* Tweak Changes
* typo (#893)
* Bump github.
com/goccy/ go-json from 0.10.1 to 0.10.2 (#892) * Bump github.
com/goccy/ go-json from 0.10.1 to 0.10.2 Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.10.1 to 0.10.2.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.10.1. ..v0.10. 2) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run make tidy + bazel
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Update Changes
* Bump actions/stale from 7 to 8 (#895)
Bumps [actions/stale](https:/
/github. com/actions/ stale) from 7 to 8.
- [Release notes](https://github. com/actions/ stale/releases)
- [Changelog](https://github. com/actions/ stale/blob/ main/CHANGELOG. md)
- [Commits](https://github. com/actions/ stale/compare/ v7...v8) ---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * tweak labels for dependabot (#899)
* Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#897)
* Bump golang.org/x/crypto from 0.7.0 to 0.8.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.7.0 to 0.8.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ compare/ v0.7.0. ..v0.8. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* Run bazel //:gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Fix typo in "jwt.WithAudience" comment (#908)
* Bump github.
com/decred/ dcrd/dcrec/ secp256k1/ v4 from 4.1.0 to 4.2.0 (#907) * Bump github.
com/decred/ dcrd/dcrec/ secp256k1/ v4 from 4.1.0 to 4.2.0 Bumps [github.
com/decred/ dcrd/dcrec/ secp256k1/ v4](https:/ /github. com/decred/ dcrd) from 4.1.0 to 4.2.0.
- [Release notes](https://github. com/decred/ dcrd/releases)
- [Changelog](https://github. com/decred/ dcrd/blob/ master/ CHANGES)
- [Commits](https://github. com/decred/ dcrd/compare/ blockchain/ v4.1.0. ..dcrec/ secp256k1/ v4.2.0) ---
updated-dependencies:
- dependency-name: github.com/decred/ dcrd/dcrec/ secp256k1/ v4
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run make tidy + bazel run //:gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Precompute RSA key values so that tests succeed (#913)
* Use a symmetric key for example purposes (#914)
* autodoc updates (#915)
Co-authored-by: lestrrat <email address hidden>
* Hook in jwa.RegisterXXX functions with jws.Register(
Signer| Verifier) (#911) * First pass at connecting jws.Register(
Signer| Verifier) with jwa.RegisterXXX * Tweak CI
* Tweak docs
* fix docs
* protect access to signer/verifierDB
* Update Changes
* Allow use of segmentio/
asm/base64 (#916) * Enable segmentio/
asm/base64 and some internal API for pluggable base64 * Enable asmbase64 in CI
* Add missing commands
* Update bazel repos
* Mention jwx_asmbase64 (#917)
* Update README.md (#918)
Fixed typo: convetion -> convention
* use proper function name (#921)
* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#919)
* Bump golang.org/x/crypto from 0.8.0 to 0.9.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.8.0 to 0.9.0.
- [Commits](https://github. com/golang/ crypto/ compare/ v0.8.0. ..v0.9. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run gaelle-update-repos
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump github.
com/cloudflare/ circl from 1.1.0 to 1.3.3 in /examples (#923) Bumps [github.
com/cloudflare/ circl](https:/ /github. com/cloudflare/ circl) from 1.1.0 to 1.3.3.
- [Release notes](https://github. com/cloudflare/ circl/releases)
- [Commits](https://github. com/cloudflare/ circl/compare/ v1.1.0. ..v1.3. 3) ---
updated-dependencies:
- dependency-name: github.com/cloudflare/ circl
dependency-type: direct:production
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/stretchr/ testify from 1.8.2 to 1.8.3 (#927) * Bump github.
com/stretchr/ testify from 1.8.2 to 1.8.3 Bumps [github.
com/stretchr/ testify] (https:/ /github. com/stretchr/ testify) from 1.8.2 to 1.8.3.
- [Release notes](https://github. com/stretchr/ testify/ releases)
- [Commits](https://github. com/stretchr/ testify/ compare/ v1.8.2. ..v1.8. 3) ---
updated-dependencies:
- dependency-name: github.com/stretchr/ testify
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Implement jwk.SetGlobalFe
tcher (#929) * Implement SetGlobalFetcher
* Avoid using atomic.Bool so that it works on older Gos
* Appease GitHub code scanner
* Bad ineffectual assignment
* tweak docs
* oops, wrong issue number
* Bump github.
com/stretchr/ testify from 1.8.3 to 1.8.4 (#931) * Bump github.
com/stretchr/ testify from 1.8.3 to 1.8.4 Bumps [github.
com/stretchr/ testify] (https:/ /github. com/stretchr/ testify) from 1.8.3 to 1.8.4.
- [Release notes](https://github. com/stretchr/ testify/ releases)
- [Commits](https://github. com/stretchr/ testify/ compare/ v1.8.3. ..v1.8. 4) ---
updated-dependencies:
- dependency-name: github.com/stretchr/ testify
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Update bazel repos
* use specific tparse
* change minimum go version in smoke tet
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Implement jwe.KeyEncrypter and jwe.KeyDecrypter (#925)
* Implement jwe.KeyEncrypter and jwe.KeyDecrypter
This allows users to specify a key who can encrypt/decrypt by itself,
much like the built-in crypto.Signer interface.* Add experimental label to this feature
* Update Changes
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Oleksandr Redko <email address hidden>
Co-authored-by: Mitsuo Heijo <email address hidden>
Co-authored-by: github-actions[bot] <41898282+github- actions[ bot]@users. noreply. github. com>
Co-authored-by: lestrrat <email address hidden>
Co-authored-by: Alessandro (Ale) Segala <email address hidden>
Co-authored-by: wscalf <email address hidden> - fccc524... by lestrrat <email address hidden>
-
Update v2 (#894)
* Update deps
* Protect jws.Verify() and jwe.Encrypt() from panic on go1.19+ (#841)
* Protect jws.Verify() from panic on go1.19+
* Same problem, but in jwe
* Update Changes
* fix example (#843)
I have a feeling we inadvertently reverted some commit
* Action updates, doc tweaks (#844)
* Use tparse (#845)
* Use tparse
* s/all/alltags/
* fix typo (#846)
* fix typo (#847)
* Bump kentaro-
m/auto- assign- action from 1.2.0 to 1.2.4 (#848) Bumps [kentaro-
m/auto- assign- action] (https:/ /github. com/kentaro- m/auto- assign- action) from 1.2.0 to 1.2.4.
- [Release notes](https://github. com/kentaro- m/auto- assign- action/ releases)
- [Commits](https://github. com/kentaro- m/auto- assign- action/ compare/ v1.2.0. ..v1.2. 4) ---
updated-dependencies:
- dependency-name: kentaro-m/auto- assign- action
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump codecov/
codecov- action from 1 to 3 (#849) Bumps [codecov/
codecov- action] (https:/ /github. com/codecov/ codecov- action) from 1 to 3.
- [Release notes](https://github. com/codecov/ codecov- action/ releases)
- [Changelog](https://github. com/codecov/ codecov- action/ blob/main/ CHANGELOG. md)
- [Commits](https://github. com/codecov/ codecov- action/ compare/ v1...v3) ---
updated-dependencies:
- dependency-name: codecov/codecov- action
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Work with invalid JWT buffers better (#851)
* Work with invalid JWT buffers better
* spelling
* Update Changes
* typo
* Tweak Changes
* Update Changes
* Bump github.
com/goccy/ go-json from 0.9.11 to 0.10.0 (#855) Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.9.11 to 0.10.0.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.9.11. ..v0.10. 0) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/lestrrat- go/option from 1.0.0 to 1.0.1 (#858) Bumps [github.
com/lestrrat- go/option] (https:/ /github. com/lestrrat- go/option) from 1.0.0 to 1.0.1.
- [Release notes](https://github. com/lestrrat- go/option/ releases)
- [Commits](https://github. com/lestrrat- go/option/ compare/ v1.0.0. ..v1.0. 1) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/option
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump actions/stale from 6 to 7 (#859)
Bumps [actions/stale](https:/
/github. com/actions/ stale) from 6 to 7.
- [Release notes](https://github. com/actions/ stale/releases)
- [Changelog](https://github. com/actions/ stale/blob/ main/CHANGELOG. md)
- [Commits](https://github. com/actions/ stale/compare/ v6...v7) ---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Tweak v2 tests (#863)
* Port changes from #862
* Actually report errors
* fix expected result
* Unbeknownst to me, benchstat seems to have changed
* Update Contribution Guidelines
* Fix generated header file comments (#867)
The generated file header should match regexp:
^// Code generated .* DO NOT EDIT\.$See https:/
/golang. org/s/generated code. * Remove unused variables in ReadFile (#866)
* Bump kentaro-
m/auto- assign- action from 1.2.4 to 1.2.5 (#868) Bumps [kentaro-
m/auto- assign- action] (https:/ /github. com/kentaro- m/auto- assign- action) from 1.2.4 to 1.2.5.
- [Release notes](https://github. com/kentaro- m/auto- assign- action/ releases)
- [Commits](https://github. com/kentaro- m/auto- assign- action/ compare/ v1.2.4. ..v1.2. 5) ---
updated-dependencies:
- dependency-name: kentaro-m/auto- assign- action
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Update tool deps (#869)
* Try updating tools for genjwt
* Update genjws
* Update genjwe
* Update genjwk
* Update genjwa
* Update genjwk
* Updage genoptions
* Update genreadfile
* Fix PEM armor for EC private keys when encoding (#876)
* Incorporate #875
* Test PEM roundtrip for other key types
* Use more constants
* Bump golang.org/x/crypto from 0.0.0-202204271
72511-eb4f295cb 31f to 0.6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-202204271
72511-eb4f295cb 31f to 0.6.0 Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.0.0-202204271 72511-eb4f295cb 31f to 0.6.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ commits/ v0.6.0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run appropriate `go get` and `go mod tidy` all over
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump github.
com/stretchr/ testify from 1.8.1 to 1.8.2 (#873) * Bump github.
com/stretchr/ testify from 1.8.1 to 1.8.2 Bumps [github.
com/stretchr/ testify] (https:/ /github. com/stretchr/ testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github. com/stretchr/ testify/ releases)
- [Commits](https://github. com/stretchr/ testify/ compare/ v1.8.1. ..v1.8. 2) ---
updated-dependencies:
- dependency-name: github.com/stretchr/ testify
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* run appropriate `go get` and `go mod tidy` all over
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Update Changes
* Create codeql.yml
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877)
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ compare/ v0.6.0. ..v0.7. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run go get and make tidy
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Add bazel support (#880)
* Attempt to enable bazel
* enable bazel building in smoke tests too
* tweak order
* Add explicit imports
* Add deps.bzl
* remove unused file reference
* Add missing BUILD file
* Add missing BUILD file
* add missing BUILD.bazel files
* add .bazelversion
* Add aspect presets
* Update Changes/README
* Create an auto-merge action for dependabot (#884)
* Create an auto-merge action for dependabot
* approve and merge
* indent
* Bump github.
com/goccy/ go-json from 0.10.0 to 0.10.1 (#882) * Bump github.
com/goccy/ go-json from 0.10.0 to 0.10.1 Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.10.0 to 0.10.1.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.10.0. ..v0.10. 1) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run make tidy + bazel gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Fix jwk cache docs (#885)
* Fix example comment
* Upon re-reading, this sentence does not need to exist
* autodoc updates (#886)
Co-authored-by: lestrrat <email address hidden>
* Bump actions/setup-go from 3 to 4 (#887)
Bumps [actions/setup-go](https:/
/github. com/actions/ setup-go) from 3 to 4.
- [Release notes](https://github. com/actions/ setup-go/ releases)
- [Commits](https://github. com/actions/ setup-go/ compare/ v3...v4) ---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Allow "none" algorithm when signing with explicit option (#890)
* Add test case for #888
* Catch the use of "none" when used in conjunction with jws.WithKey
* first pass implementing (jwt/jws).Sign that allows alg="none"
* regenerate jwt options
* appease linter
* Check for jws.Sign/Verify
* OK to _sign_ using `none`, but no verification
* Tweak Changes
* typo (#893)
* Bump github.
com/goccy/ go-json from 0.10.1 to 0.10.2 (#892) * Bump github.
com/goccy/ go-json from 0.10.1 to 0.10.2 Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.10.1 to 0.10.2.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.10.1. ..v0.10. 2) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run make tidy + bazel
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Update Changes
* Bump github.
com/goccy/ go-json from 0.9.11 to 0.10.0 (#855) Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.9.11 to 0.10.0.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.9.11. ..v0.10. 0) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump github.
com/lestrrat- go/option from 1.0.0 to 1.0.1 (#858) Bumps [github.
com/lestrrat- go/option] (https:/ /github. com/lestrrat- go/option) from 1.0.0 to 1.0.1.
- [Release notes](https://github. com/lestrrat- go/option/ releases)
- [Commits](https://github. com/lestrrat- go/option/ compare/ v1.0.0. ..v1.0. 1) ---
updated-dependencies:
- dependency-name: github.com/lestrrat- go/option
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump actions/stale from 6 to 7 (#859)
Bumps [actions/stale](https:/
/github. com/actions/ stale) from 6 to 7.
- [Release notes](https://github. com/actions/ stale/releases)
- [Changelog](https://github. com/actions/ stale/blob/ main/CHANGELOG. md)
- [Commits](https://github. com/actions/ stale/compare/ v6...v7) ---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Tweak v2 tests (#863)
* Port changes from #862
* Actually report errors
* fix expected result
* Unbeknownst to me, benchstat seems to have changed
* Update Contribution Guidelines
* Fix generated header file comments (#867)
The generated file header should match regexp:
^// Code generated .* DO NOT EDIT\.$See https:/
/golang. org/s/generated code. * Remove unused variables in ReadFile (#866)
* Bump kentaro-
m/auto- assign- action from 1.2.4 to 1.2.5 (#868) Bumps [kentaro-
m/auto- assign- action] (https:/ /github. com/kentaro- m/auto- assign- action) from 1.2.4 to 1.2.5.
- [Release notes](https://github. com/kentaro- m/auto- assign- action/ releases)
- [Commits](https://github. com/kentaro- m/auto- assign- action/ compare/ v1.2.4. ..v1.2. 5) ---
updated-dependencies:
- dependency-name: kentaro-m/auto- assign- action
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Update tool deps (#869)
* Try updating tools for genjwt
* Update genjws
* Update genjwe
* Update genjwk
* Update genjwa
* Update genjwk
* Updage genoptions
* Update genreadfile
* Fix PEM armor for EC private keys when encoding (#876)
* Incorporate #875
* Test PEM roundtrip for other key types
* Use more constants
* Bump golang.org/x/crypto from 0.0.0-202204271
72511-eb4f295cb 31f to 0.6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-202204271
72511-eb4f295cb 31f to 0.6.0 Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.0.0-202204271 72511-eb4f295cb 31f to 0.6.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ commits/ v0.6.0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run appropriate `go get` and `go mod tidy` all over
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Bump github.
com/stretchr/ testify from 1.8.1 to 1.8.2 (#873) * Bump github.
com/stretchr/ testify from 1.8.1 to 1.8.2 Bumps [github.
com/stretchr/ testify] (https:/ /github. com/stretchr/ testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github. com/stretchr/ testify/ releases)
- [Commits](https://github. com/stretchr/ testify/ compare/ v1.8.1. ..v1.8. 2) ---
updated-dependencies:
- dependency-name: github.com/stretchr/ testify
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* run appropriate `go get` and `go mod tidy` all over
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Update Changes
* Create codeql.yml
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877)
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0
Bumps [golang.
org/x/crypto] (https:/ /github. com/golang/ crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github. com/golang/ crypto/ releases)
- [Commits](https://github. com/golang/ crypto/ compare/ v0.6.0. ..v0.7. 0) ---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update: semver- minor
...Signed-off-by: dependabot[bot] <email address hidden>
* run go get and make tidy
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Add bazel support (#880)
* Attempt to enable bazel
* enable bazel building in smoke tests too
* tweak order
* Add explicit imports
* Add deps.bzl
* remove unused file reference
* Add missing BUILD file
* Add missing BUILD file
* add missing BUILD.bazel files
* add .bazelversion
* Add aspect presets
* Update Changes/README
* Create an auto-merge action for dependabot (#884)
* Create an auto-merge action for dependabot
* approve and merge
* indent
* Bump github.
com/goccy/ go-json from 0.10.0 to 0.10.1 (#882) * Bump github.
com/goccy/ go-json from 0.10.0 to 0.10.1 Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.10.0 to 0.10.1.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.10.0. ..v0.10. 1) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run make tidy + bazel gazelle-
update- repos ---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Fix jwk cache docs (#885)
* Fix example comment
* Upon re-reading, this sentence does not need to exist
* autodoc updates (#886)
Co-authored-by: lestrrat <email address hidden>
* Bump actions/setup-go from 3 to 4 (#887)
Bumps [actions/setup-go](https:/
/github. com/actions/ setup-go) from 3 to 4.
- [Release notes](https://github. com/actions/ setup-go/ releases)
- [Commits](https://github. com/actions/ setup-go/ compare/ v3...v4) ---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Allow "none" algorithm when signing with explicit option (#890)
* Add test case for #888
* Catch the use of "none" when used in conjunction with jws.WithKey
* first pass implementing (jwt/jws).Sign that allows alg="none"
* regenerate jwt options
* appease linter
* Check for jws.Sign/Verify
* OK to _sign_ using `none`, but no verification
* Tweak Changes
* typo (#893)
* Bump github.
com/goccy/ go-json from 0.10.1 to 0.10.2 (#892) * Bump github.
com/goccy/ go-json from 0.10.1 to 0.10.2 Bumps [github.
com/goccy/ go-json] (https:/ /github. com/goccy/ go-json) from 0.10.1 to 0.10.2.
- [Release notes](https://github. com/goccy/ go-json/ releases)
- [Changelog](https://github. com/goccy/ go-json/ blob/master/ CHANGELOG. md)
- [Commits](https://github. com/goccy/ go-json/ compare/ v0.10.1. ..v0.10. 2) ---
updated-dependencies:
- dependency-name: github.com/goccy/ go-json
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
* Run make tidy + bazel
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Daisuke Maki <email address hidden>* Update Changes
---------
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com>
Co-authored-by: Oleksandr Redko <email address hidden>
Co-authored-by: Mitsuo Heijo <email address hidden>
Co-authored-by: github-actions[bot] <41898282+github- actions[ bot]@users. noreply. github. com>
Co-authored-by: lestrrat <email address hidden> - 7803b82... by lestrrat <email address hidden>
-
merge develop/v2 to v2 (#853)
* Update deps
* Protect jws.Verify() and jwe.Encrypt() from panic on go1.19+ (#841)
* Protect jws.Verify() from panic on go1.19+
* Same problem, but in jwe
* Update Changes
* fix example (#843)
I have a feeling we inadvertently reverted some commit
* Action updates, doc tweaks (#844)
* Use tparse (#845)
* Use tparse
* s/all/alltags/
* fix typo (#846)
* fix typo (#847)
* Bump kentaro-
m/auto- assign- action from 1.2.0 to 1.2.4 (#848) Bumps [kentaro-
m/auto- assign- action] (https:/ /github. com/kentaro- m/auto- assign- action) from 1.2.0 to 1.2.4.
- [Release notes](https://github. com/kentaro- m/auto- assign- action/ releases)
- [Commits](https://github. com/kentaro- m/auto- assign- action/ compare/ v1.2.0. ..v1.2. 4) ---
updated-dependencies:
- dependency-name: kentaro-m/auto- assign- action
dependency-type: direct:production
update-type: version-update: semver- patch
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Bump codecov/
codecov- action from 1 to 3 (#849) Bumps [codecov/
codecov- action] (https:/ /github. com/codecov/ codecov- action) from 1 to 3.
- [Release notes](https://github. com/codecov/ codecov- action/ releases)
- [Changelog](https://github. com/codecov/ codecov- action/ blob/main/ CHANGELOG. md)
- [Commits](https://github. com/codecov/ codecov- action/ compare/ v1...v3) ---
updated-dependencies:
- dependency-name: codecov/codecov- action
dependency-type: direct:production
update-type: version-update: semver- major
...Signed-off-by: dependabot[bot] <email address hidden>
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> * Work with invalid JWT buffers better (#851)
* Work with invalid JWT buffers better
* spelling
* Update Changes
* typo
* Tweak Changes
* Update Changes
Signed-off-by: dependabot[bot] <email address hidden>
Co-authored-by: dependabot[bot] <49699333+dependabot[ bot]@users. noreply. github. com> - 6e8e918... by Daisuke Maki <email address hidden>
-
Merge branch 'develop/v2' into v2
- 9eb25df... by Thomas Fossati <email address hidden>
-
a couple of typos (#822)
