Bump github.com/lestrrat-go/jwx from 1.2.18 to 1.2.21

[dependabot[bot]]

Bumps github.com/lestrrat-go/jwx from 1.2.18 to 1.2.21.

Release notes

Sourced from github.com/lestrrat-go/jwx's releases.

v1.2.21

v1.2.21 30 Mar 2022
[Bug fixes]
  * [jwk] RSA keys without p and q can now be parsed.

v1.2.20

v1.2.20 03 Mar 2022
[Miscellaneous]
  * Dependency on golang.org/x/crypto has been upgraded to
    v0.0.0-20220214200702-86341886e292 to address
    https://nvd.nist.gov/vuln/detail/CVE-2020-14040 ([#598](https://github.com/lestrrat-go/jwx/issues/598))

v1.2.19

v1.2.19 22 Feb 2022
[New Feature]
  * [jwk] jwk.Parse (and (jwk.AutoRefresh).Configure) can accept a new
    option `jwk.WithIgnoreParseError(bool)`, which allows users to ignore
    errors during parsing of each key contained in the JWKS, allowing
    you to "skip" invalid keys.
This option should not be used lightly, as it hides the presence of
possibly faulty keys. However, this can be an escape hatch if you are
faced with a faulty JWKS that you do not control.

Changelog

Sourced from github.com/lestrrat-go/jwx's changelog.

v1.2.21 30 Mar 2022 [Bug fixes]

• [jwk] RSA keys without p and q can now be parsed.

v1.2.20 03 Mar 2022 [Miscellaneous]

• Dependency on golang.org/x/crypto has been upgraded to v0.0.0-20220214200702-86341886e292 to address https://nvd.nist.gov/vuln/detail/CVE-2020-14040 (#598)

v1.2.19 22 Feb 2022 [New Feature]

• [jwk] jwk.Parse (and (jwk.AutoRefresh).Configure) can accept a new option jwk.WithIgnoreParseError(bool), which allows users to ignore errors during parsing of each key contained in the JWKS, allowing you to "skip" invalid keys.

  This option should not be used lightly, as it hides the presence of possibly faulty keys. However, this can be an escape hatch if you are faced with a faulty JWKS that you do not control.

Commits

• 7b28f4c Update Changes
• 7c6d7e4 [v1] Backport #671 to v1 (#672)
• 941bb51 Create contribution guidelines (#659)
• 7b059a0 Bump github.com/goccy/go-json from 0.9.5 to 0.9.6 (#653)
• 0f4c0c3 Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#651)
• b88feb7 Update goccy/go-json and circl (#630)
• 3fa12c9 Update Changes
• 9128896 Update golang.org/x/crypto to upgrade x/text (#599)
• 1c0a87f Update Changes
• 74cf7c6 Switch error handling to fmt.Errorf for internal tools (#576)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Looks like github.com/lestrrat-go/jwx is up-to-date now, so this is no longer needed.