search

sebs-scholarship / Website

Repository for the SEBS Scholarship website
https://sebsscholarship.org
1 stars 1 forks source link

Bump firebase/php-jwt from 5.5.1 to 6.0.0 #151

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps firebase/php-jwt from 5.5.1 to 6.0.0.

Release notes

Sourced from firebase/php-jwt's releases.

v6.0.0

Backwards Compatibility Breaking Changes

  • The second argument of JWT::decode now must be Firebase\JWT\Key or array<string, Firebase\JWT\Key> (see #376)
  • The return type of Firebase\JWT\JWK::parseKey is now Firebase\JWT\Key (see #392)
  • The return type of Firebase\JWT\JWK::parseKeySet is now array<string, Firebase\JWT\Key> (see #376)
  • The JSON_UNESCAPED_SLASHES is now used for JSON decoding (see #376)
  • Constants ASN1_INTEGER, ASN1_SEQUENCE, and ASN1_BIT_STRING have been removed (see #376)
  • JWT::encode requires third argument $alg (see #376)

Using Firebase\JWT\Key

Using the Key object in JWT::decode

As a security fix, to avoid key type confusion (see #351), use of Firebase\JWT\Key is now required when decoding:

use Firebase\JWT\JWT;

// previous (v5.5.1 and below)
$decoded = JWT::decode($jwt, $publicKey, 'RS256');


// new (v6.0.0)
use Firebase\JWT\Key;
$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));

Using the Key object in JWK::parseKey and JWK::parseKeySet

Calls to JWK::parseKey and JWK::parseKeySet now return a Key object and an array of Key objects respectively.

use Firebase\JWT\JWK;

// previous (v5.5.1 and below)
$key = JWK::parseKey($jwk); // $key is a resource
$keys = JWK::parseKeySet($jwks); // $keys is an associative array key ID to resources


// new (v6.0.0)
$key = JWK::parseKey($jwk); // $key is a Key object
$keys = JWK::parseKeySet($jwks); // $keys is an associative array of key ID to Key objects

Commits
  • 0541cba feat!: update return type for JWK methods (#392)
  • 8699eb9 chore: update changelog for v6.0.0 (#391)
  • edda0f9 feat!: require Key object, use JSON_UNESCAPED_SLASHES, remove constants (#376)
  • fbe6394 chore(docs): fix typo in README
  • 262f84c chore: switch main to master (#383)
  • 12ec2fe chore(docs): add throws DomainException for JWT::decode (#379)
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)