v1.0.6 17 Dec 2020
* Fix ECDHES ciphers where padding in AAD et al was creating
incompatible values with jose tool
* Also fix ECDH-ES cek handling ([#248](https://github.com/lestrrat-go/jwx/issues/248))
* Implement direct key encoding ([#213](https://github.com/lestrrat-go/jwx/issues/213), [#249](https://github.com/lestrrat-go/jwx/issues/249))
* Allow JWT tokens to use default JWK if only one key is given
and the JWT does not necessarily specify a key ([#214](https://github.com/lestrrat-go/jwx/issues/214))
* Deprecate jwt.Verify and introduce jwt.Validate. JWS verification
used the term Verify, which was confusing when users wanted to
validate the JWT token itself. ([#220](https://github.com/lestrrat-go/jwx/issues/220))
* JWT library options have been explicitly typed as ValidationOption
and ParseOption ([#220](https://github.com/lestrrat-go/jwx/issues/220), [#223](https://github.com/lestrrat-go/jwx/issues/223))
* Add jwx.DecoderSettings and jwx.WithUseNumber option to globally
change how jwx parses JSON objects ([#222](https://github.com/lestrrat-go/jwx/issues/222))
* Encode x5c field as base64 with padding ([#244](https://github.com/lestrrat-go/jwx/issues/244))
* Add more interoperability tests against jose tool.
* Special thanks to anatol and imirkin!
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps github.com/lestrrat-go/jwx from 1.0.5 to 1.0.6.
Release notes
Sourced from github.com/lestrrat-go/jwx's releases.
Changelog
Sourced from github.com/lestrrat-go/jwx's changelog.
Commits
- d4cb665 Update Changes
- 90ea9b5 Merge pull request #249 from imirkin/direct
- 6d30953 README: Remove references to jwe being incomplete
- 5378a7f jwe: add DIRECT encryption support
- d8abaad Merge pull request #248 from imirkin/ecdh-es
- 40b06b4 Merge pull request #246 from imirkin/misc-fixes
- fedc2c7 jwe: re-enable ECDH-ES, fix cek determination logic
- dfa17eb jwk/ecdsa: make sure that the key parameters have proper padding
- 2ed99a5 jwe: ensure we always generate appropriate content encryption key sizes
- f786eda jwe: make sure to pad up z value in kdf input