Added Cached Key Sets (#397)!! See the README for usage instructions
Added $allowedAlg parameter to JWT::parseKey and JWT::parseKeySet (#426). This will allow users to parse JWKS which do not populate the alg parameter without having to manually edit the JSON.
Note: This technically breaks backwards compatibility, but it fixes a PHP Fatal error in the current release on JWT::decode which also broke backwards compatibility, so we hope it's justified 🤞
v6.1.0
Note: There should be no issues with backwards compatibility unless types were being used incorrectly
This version is compatible with PHP >= 7.1
Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
Add parameter typing and return types
Better PHPDoc / IDE support
v6.0.0
Note: This version is compatible with PHP >= 5.3
Backwards Compatibility Breaking Changes
The second argument of JWT::decode now must be Firebase\JWT\Key or array<string, Firebase\JWT\Key> (see #376)
The return type of Firebase\JWT\JWK::parseKey is now Firebase\JWT\Key (see #392)
The return type of Firebase\JWT\JWK::parseKeySet is now array<string, Firebase\JWT\Key> (see #376)
The "alg" parameter is required to be set for all JWKS parsed using Firebase\JWT\JWK::parseKeySet (see #376)
The flag JSON_UNESCAPED_SLASHES is now used for JSON decoding (see #376)
Constants ASN1_INTEGER, ASN1_SEQUENCE, and ASN1_BIT_STRING have been removed (see #376)
JWT::encode requires third argument $alg (see #376)
Using Firebase\JWT\Key
Using the Key object in JWT::decode
As a security fix, to avoid key type confusion (see #351), use of Firebase\JWT\Key is now required when decoding:
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
2 years ago
Bumps firebase/php-jwt from 5.0.0 to 6.2.0.
Release notes
Sourced from firebase/php-jwt's releases.
... (truncated)
Commits
d28e6dffeat: add defaultAlg param (#426)2308363feat: add cached keyset (#397)6a6025bchore: add cs config, fix git-attributes, removed unused entrypoint.sh (#424)0ac5041chore: styles for short array and single quotes (#423)c297139fix: revert add flag to force object (#420)e67638dfix: add flag to force object (#416)a57a898chore: add missing docblock param for $alg (#419)fbb2967chore: update CHANGELOG for v6.1.05bbc90cchore: add back timestamp var for compatibility (#412)52943f5feat: add back compatibility for >= PHP 7.1 (#405)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)