Bump jwt from 2.2.1 to 2.2.3 #513

dependabot · 2021-05-03T05:42:32Z

Bumps jwt from 2.2.1 to 2.2.3.

Changelog

2.2.3 (2021-04-19)

Full Changelog

Implemented enhancements:

Verify algorithm before evaluating keyfinder #343

Why jwt depends on json < 2.0 ? #179

Support for JWK in-lieu of rsa_public #158

Fix rspec raise_error warning #413 (excpt)

Add support for JWKs with HMAC key type. #372 (phlegx)

Improve 'none' algorithm handling #365 (danleyden)

Handle parsed JSON JWKS input with string keys #348 (martinemde)

Allow Numeric values during encoding #327 (fanfilmu)

Closed issues:

"Signature verification raised", yet jwt.io says "Signature Verified" #401

truffleruby-head build is failing #396

JWT::JWK::EC needs require 'forwardable' #392

How to use a 'signing key' as used by next-auth #389

undefined method `verify' for nil:NilClass when validate a JWT with JWK #383

Make specifying "algorithm" optional on decode #380

ADFS created access tokens can't be validated due to missing 'kid' header #370

new version? #355

JWT gitlab OmniAuth provider setup support #354

Release with support for RSA.import for ruby < 2.4 hasn't been released #347

cannot load such file -- jwt #339

Merged pull requests:

Remove codeclimate code coverage dev dependency #414 (excpt)

Add forwardable dependency #408 (anakinj)

Ignore casing of algorithm #405 (johnnyshields)

Document function and add tests for verify claims method #404 (yasonk)

documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)

Target the master branch on the build status badge #399 (anakinj)

Improving the local development experience #397 (anakinj)

Fix sourcelevel broken links #395 (anakinj)

Don't recommend installing gem with sudo #391 (tjschuck)

Enable rubocop locally and on ci #390 (anakinj)

Ci and test cleanup #387 (anakinj)

Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)

Support JWKs for pre 2.3 rubies #382 (anakinj)

Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)

Add auth0 sponsor message #379 (excpt)

Adapt HMAC to JWK RSA code style. #378 (phlegx)

Disable Rails cops #376 (anakinj)

Support exporting RSA JWK private keys #375 (anakinj)

Ebert is SourceLevel nowadays #374 (anakinj)

... (truncated)

Commits

26ec020 Update AUTHORS
1dbddf4 Bump version to 2.2.3
52eac51 Update CHANGELOG.md
99e57d6 Fix ci pipeline
54744fa Remove codeclimate code coverage dev dependency
fb0cd41 Fix rspec raise_error warning
2cea14f Add forwardable dependency
f4925cd Improving the local development experience
9ba070e Revert casing of ED25519
ebd3fc9 Respond to comments
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.2.1 to 2.2.3. - [Release notes](https://github.com/jwt/ruby-jwt/releases) - [Changelog](https://github.com/jwt/ruby-jwt/blob/master/CHANGELOG.md) - [Commits](jwt/ruby-jwt@v2.2.1...v2.2.3) Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 3, 2021

dependabot bot changed the base branch from master to main May 19, 2021 14:10

dependabot bot force-pushed the dependabot/bundler/jwt-2.2.3 branch from 1dc6221 to e2afe04 Compare May 19, 2021 16:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump jwt from 2.2.1 to 2.2.3 #513

Bump jwt from 2.2.1 to 2.2.3 #513

dependabot bot commented on behalf of github May 3, 2021 •

edited

Bump jwt from 2.2.1 to 2.2.3 #513

Are you sure you want to change the base?

Bump jwt from 2.2.1 to 2.2.3 #513

Conversation

dependabot bot commented on behalf of github May 3, 2021 • edited

2.2.3 (2021-04-19)

dependabot bot commented on behalf of github May 3, 2021 •

edited