chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.4 to 2.0.6 in /spi/gnap

[dependabot[bot]]

Bumps github.com/lestrrat-go/jwx/v2 from 2.0.4 to 2.0.6.

Release notes

Sourced from github.com/lestrrat-go/jwx/v2's releases.

v2.0.6

v2.0.6 - 25 Aug 2022
[Bug fixes][Security]
  * [jwe] Agreement Party UInfo and VInfo (apv/apu) were not properly being
    passed to the functions to compute the aad when encrypting using ECDH-ES
    family of algorithms. Therefore, when using apu/apv, messages encrypted
    via this module would have failed to be properly decrypted.
Please note that bogus encrypted messages would not have succeed being
decrypted (i.e. this problem does not allow spoofed messages to be decrypted).
Therefore this would not have caused unwanted data to to creep in --
however it did pose problems for data to be sent and decrypted from this module
when using ECDH-ES with apu/apv.

While not extensively tested, we believe this regression was introduced
with the v2 release.

v2.0.5

v2.0.5 - 11 Aug 2022
[Bug fixes]
  * [jwt] Remove stray debug log
  * [jwk] Fix x5u field name, caused by a typo
  * [misc] Update golangci-lint action to v3; v2 was causing weird problems

Changelog

Sourced from github.com/lestrrat-go/jwx/v2's changelog.

v2.0.6 - 25 Aug 2022 [Bug fixes][Security]

• [jwe] Agreement Party UInfo and VInfo (apv/apu) were not properly being passed to the functions to compute the aad when encrypting using ECDH-ES family of algorithms. Therefore, when using apu/apv, messages encrypted via this module would have failed to be properly decrypted.

  Please note that bogus encrypted messages would not have succeed being decrypted (i.e. this problem does not allow spoofed messages to be decrypted). Therefore this would not have caused unwanted data to to creep in -- however it did pose problems for data to be sent and decrypted from this module when using ECDH-ES with apu/apv.

  While not extensively tested, we believe this regression was introduced with the v2 release.

v2.0.5 - 11 Aug 2022 [Bug fixes]

• [jwt] Remove stray debug log
• [jwk] Fix x5u field name, caused by a typo
• [misc] Update golangci-lint action to v3; v2 was causing weird problems

Commits

• 9295064 Merge develop/v2 for release (#805)
• c599c15 Merge branch 'develop/v2' into v2
• 8ff664e Fix typo in x5u field name (#790)
• ec54ec4 remove unnecessary logging (#783)
• c87e46f Update Changes
• ec33e8d Update Changes
• 364a7b0 Bump github.com/lestrrat-go/httprc to v1.0.4 (#781)
• 93aca2a bump github.com/goccy/go-json to 0.9.10 (#779)
• a14f349 Add options to control time truncation (#777)
• 34b7a64 fix out of bounds check (#774)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov[bot]]

Codecov Report

Merging #287 (2561a79) into main (edf6413) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #287   +/-   ##
=======================================
  Coverage   87.83%   87.83%           
=======================================
  Files          22       22           
  Lines        2623     2623           
=======================================
  Hits         2304     2304           
  Misses        210      210           
  Partials      109      109           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.