Closed dependabot[bot] closed 7 months ago
VIOLATION DESCRIPTION | NUMBER OF VIOLATIONS |
---|---|
HIGH/CRITICAL SECURITY VULNERABILITIES | 0 |
MAJOR UPDATES AVAILABLE | 0 |
LICENSE REQUIRES REVIEW | 0 |
LICENSE RISK HIGH | 7 |
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY | 0 |
Superseded by #200.
Bumps the go_modules group group with 3 updates: github.com/go-jose/go-jose/v3, github.com/lestrrat-go/jwx/v2 and gopkg.in/go-jose/go-jose.v2.
Updates
github.com/go-jose/go-jose/v3
from 3.0.1 to 3.0.3Release notes
Sourced from github.com/go-jose/go-jose/v3's releases.
Changelog
Sourced from github.com/go-jose/go-jose/v3's changelog.
Commits
add6a28
v3: backport decompression limit fix (#107)11bb4e7
doc: in v3 branch's README, point to v4 as latest (#101)863f73b
v3.0.2: Update changelog (#95)bdbc794
Update golang.org/x/crypto to v0.19 (backport) (#94)25bce79
Updated go-jose v3.0.0 to v3.0.1 in jose-util (#70)aa386df
jwe/CompactSerialize: improve performance. (#67)053c9bf
DecryptMulti: handle decompression error (#19)ca9011b
Bump go version to 1.21.4 to satisfy govulncheck (#68)c8399df
Revert pull request #10 (multiple audiences) (#24)ec819e9
Add a security.md doc for contacting us about potential security vulnerabilit...Updates
github.com/lestrrat-go/jwx/v2
from 2.0.16 to 2.0.19Release notes
Sourced from github.com/lestrrat-go/jwx/v2's releases.
Changelog
Sourced from github.com/lestrrat-go/jwx/v2's changelog.
Commits
d69a721
v2.0.19 (#1051)e75b7c8
v2.0.18 (#1022)c02af3e
v2.0.17 (#1019)Updates
gopkg.in/go-jose/go-jose.v2
from 2.6.1 to 2.6.3Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show