v1.1.1 05 Feb 2021
[New features]
* Command line tool `jwx` has ben completely reworked, and it is
now actually useful.
JWKs can now be serialized into PEM files with ASN.1 DER format
data, which is useful when you need to work between JSON and PEM
data formats.
Constants in jwa package now have can be listed via functions
in each category.
jwe.Encrypt and jwe.Decrypt can now handle jwk.Key objects
v1.1.0
v1.1.0 31 Jan 2021
v1.1.0 is a release that attempts to fix as many of the quirky APIs
that survived the API breaking change of v0.9.x -> v1.0.0. This is
hopefully the last releases that change backwards compatibility
in a major way, at least for some time to come.
It is unfortunate that we need to introduce API changes, but we
keep learning how the library is being used and the pain points
of using this library. Most of the times these pain points are
things that we initially did not think about, which in turn
requires us to rethink of the API.
If you do not wish to spend the time fixing your usage, make sure
you have your go.mod set up to not automatically track the latest
changes.
However, if you do decide to use the latest version, we believe
the API is more uniform across packages, and generally is easier
to understand. We hope this library helps some of you out there.
[BREAKING CHANGES]
jwk.Parse(io.Reader), jws.Parse(io.Reader), jwt.Parse(io.Reader),
have all been changed to Parse([]byte). To use an io.Reader,
use ParseReader(io.Reader). jwe.Parse already took []byte, so
has not been changed.
With this change, all four package jwe, jwk, jws, and jwt follow
the same API design, which should make things easier to navigate:
Command line tool jwx has ben completely reworked, and it is
now actually useful.
JWKs can now be serialized into PEM files with ASN.1 DER format
data, which is useful when you need to work between JSON and PEM
data formats.
Constants in jwa package now have can be listed via functions
in each category.
jwe.Encrypt and jwe.Decrypt can now handle jwk.Key objects
v1.1.0 31 Jan 2021
v1.1.0 is a release that attempts to fix as many of the quirky APIs
that survived the API breaking change of v0.9.x -> v1.0.0. This is
hopefully the last releases that change backwards compatibility
in a major way, at least for some time to come.
It is unfortunate that we need to introduce API changes, but we
keep learning how the library is being used and the pain points
of using this library. Most of the times these pain points are
things that we initially did not think about, which in turn
requires us to rethink of the API.
If you do not wish to spend the time fixing your usage, make sure
you have your go.mod set up to not automatically track the latest
changes.
However, if you do decide to use the latest version, we believe
the API is more uniform across packages, and generally is easier
to understand. We hope this library helps some of you out there.
[BREAKING CHANGES]
jwk.Parse(io.Reader), jws.Parse(io.Reader), jwt.Parse(io.Reader),
have all been changed to Parse([]byte). To use an io.Reader,
use ParseReader(io.Reader). jwe.Parse already took []byte, so
has not been changed.
With this change, all four package jwe, jwk, jws, and jwt follow
the same API design, which should make things easier to navigate:
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps github.com/lestrrat-go/jwx from 1.0.7 to 1.1.1.
Release notes
Sourced from github.com/lestrrat-go/jwx's releases.
... (truncated)
Changelog
Sourced from github.com/lestrrat-go/jwx's changelog.
... (truncated)
Commits
451a45c
Merge pull request #328 from lestrrat-go/topic/jwx-command528f34a
Update docs05678bc
I really don't want to add more dependencies to the main jwx module9593b54
Add jwa, jwe, more standardization across commands9ed58bc
Do not include invalid types43bae27
Add methods to retrieve all possible values4c24ea1
tweaksa246b17
rework some options496d8fe
Streamline interface, update docsa0d17db
Update READMEDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)