Update jwt 2.7.1 → 2.8.0 (minor)

[depfu[bot]]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ jwt (2.7.1 → 2.8.0) · Repo · Changelog

Release Notes

2.8.0

Full Changelog

Features:

• Updated rubocop to 1.56 #573 (@anakinj)
• Run CI on Ruby 3.3 #577 (@anakinj)
• Deprecation warning added for the HMAC algorithm HS512256 (HMAC-SHA-512 truncated to 256-bits) #575 (@anakinj)
• Stop using RbNaCl for standard HMAC algorithms #575 (@anakinj)

Fixes and enhancements:

• Fix signature has expired error if payload is a string #555 (@GobinathAL)
• Fix key base equality and spaceship operators #569 (@magneland)
• Remove explicit base64 require from x5c_key_finder #580 (@anakinj)
• Performance improvements and cleanup of tests #581 (@anakinj)
• Repair EC x/y coordinates when importing JWK #585 (@julik)
• Explicit dependency to the base64 gem #582 (@anakinj)
• Deprecation warning for decoding content not compliant with RFC 4648 #582 (@anakinj)
• Algorithms moved under the ::JWT::JWA module (@anakinj)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 32 commits:

• Version 2.8.0
• Adjust to changed exception message
• Algorithm cleanup.
• Deprecate the loose base64 decoding.
• Relocate changelog entry
• Relocate into constant
• Update changelog
• Remove unused method
• Apply Rubocop
• Add a good explainer
• Fix the bug
• Add a failing test
• Changelog entry
• Add missing RSpec module references to initial describe calls
• Move all specs under the jwt folder
• Improvements for key handling in specs:
• Fix requires for x5c_key_finder
• Run CI on Ruby 3.3
• Fix example code of x5c header in README
• Update CHANGELOG
• Add type check to key_base '<=>' operator
• Add type check to key_base '==' operator
• Remove rubocop exact version dependency from appraisal gemfiles
• Do not specify the desired rubocop version on older rubies
• Update to rubocop 1.56
• Pull request template
• Remove duplicate changelog header
• Prepare changelog for current iteration
• [spec] rspec to test that strings containing exp/nbf/iat are not
• verify whether the payload responds to key? when veriying claims
• follow rubocop standards
• fix signature has expired error if payload is a string

🆕 base64 (added, 0.2.0)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)