xmidt-org / themis

This is a JWT Issuer for the Xmidt service
Apache License 2.0
4 stars 10 forks source link

chore(deps): bump github.com/lestrrat-go/jwx from 1.2.29 to 1.2.30 #237

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps github.com/lestrrat-go/jwx from 1.2.29 to 1.2.30.

Release notes

Sourced from github.com/lestrrat-go/jwx's releases.

v1.2.30

v1.2.30 28 Jul 2024
  * Update minimum required go version to 1.20
  * Update tests so that they work on 32-bit systems
Changelog

Sourced from github.com/lestrrat-go/jwx's changelog.

v1.2.30 28 Jul 2024

  • Update minimum required go version to 1.20
  • Update tests so that they work on 32-bit systems
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
guardrails[bot] commented 3 months ago

:warning: We detected 1 security issue in this pull request:

Vulnerable Libraries (1)
Severity | Details :-: | :-- High | [pkg:golang/github.com/lestrrat-go/jwx@v1.2.30](https://github.com/xmidt-org/themis/blob/b6e29ea0eed12ed415b1fa4213419bc2136a0597/go.mod#L12) upgrade to: *> v1.2.30* More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

codecov[bot] commented 3 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 54.84%. Comparing base (db893c0) to head (b6e29ea). Report is 46 commits behind head on main.

:exclamation: There is a different number of reports uploaded between BASE (db893c0) and HEAD (b6e29ea). Click for more details.

HEAD has 1 upload less than BASE | Flag | BASE (db893c0) | HEAD (b6e29ea) | |------|------|------| |unittests|2|1|
Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #237 +/- ## =========================================== - Coverage 78.55% 54.84% -23.72% =========================================== Files 35 54 +19 Lines 1562 1942 +380 =========================================== - Hits 1227 1065 -162 - Misses 308 849 +541 - Partials 27 28 +1 ``` | [Flag](https://app.codecov.io/gh/xmidt-org/themis/pull/237/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=xmidt-org) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/xmidt-org/themis/pull/237/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=xmidt-org) | `54.84% <ø> (-23.72%)` | :arrow_down: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=xmidt-org#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.