Fixed potential caching error in CachedKeySet by caching jwks as strings (#435)
v6.2.0
Features
Added Cached Key Sets (#397)!! See the README for usage instructions
Added $defaultAlg parameter to JWT::parseKey and JWT::parseKeySet (#426). This will allow users to parse JWKS which do not populate the alg parameter without having to manually edit the JSON.
Note: This technically breaks backwards compatibility, but it fixes a PHP Fatal error in the current release on JWT::decode which also broke backwards compatibility, so we hope it's justified 🤞
v6.1.0
Note: There should be no issues with backwards compatibility unless types were being used incorrectly
This version is compatible with PHP >= 7.1
Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
Add parameter typing and return types
Better PHPDoc / IDE support
v6.0.0
Note: This version is compatible with PHP >= 5.3
Backwards Compatibility Breaking Changes
The second argument of JWT::decode now must be Firebase\JWT\Key or array<string, Firebase\JWT\Key> (see #376)
The return type of Firebase\JWT\JWK::parseKey is now Firebase\JWT\Key (see #392)
The return type of Firebase\JWT\JWK::parseKeySet is now array<string, Firebase\JWT\Key> (see #376)
The "alg" parameter is required to be set for all JWKS parsed using Firebase\JWT\JWK::parseKeySet (see #376)
The flag JSON_UNESCAPED_SLASHES is now used for JSON decoding (see #376)
Constants ASN1_INTEGER, ASN1_SEQUENCE, and ASN1_BIT_STRING have been removed (see #376)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps firebase/php-jwt from 5.0.0 to 6.3.0.
Release notes
Sourced from firebase/php-jwt's releases.
... (truncated)
Commits
018dfc4
chore: prepare v6.3.0 (#441)608668e
chore: update changelog for v6.2.0 (#434)1494082
chore: misc cleanup (#439)607dcd4
fix: cache jwks as string in CachedKeySet (#435)c68f2a7
chore: fix styles and phpstan (#440)64ed2e5
feat: Add ES256 support to JWK (#399)d28e6df
feat: add defaultAlg param (#426)2308363
feat: add cached keyset (#397)6a6025b
chore: add cs config, fix git-attributes, removed unused entrypoint.sh (#424)0ac5041
chore: styles for short array and single quotes (#423)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)