Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update v2 #894

Merged
merged 69 commits into from
Mar 21, 2023
Merged

Update v2 #894

merged 69 commits into from
Mar 21, 2023

Conversation

lestrrat
Copy link
Collaborator

No description provided.

lestrrat and others added 30 commits November 15, 2022 11:09
@lestrrat
Update deps
a6e06cd
@lestrrat
Protect jws.Verify() and jwe.Encrypt() from panic on go1.19+ (#841)
fd33b62 
* Protect jws.Verify() from panic on go1.19+

* Same problem, but in jwe
@lestrrat
Update Changes
30a75e4
@lestrrat
fix example (#843)
ea0db55 
I have a feeling we inadvertently reverted some commit
@lestrrat
Action updates, doc tweaks (#844)
1497ca2
@lestrrat
Use tparse (#845)
7a639ec 
* Use tparse

* s/all/alltags/
@lestrrat
fix typo (#846)
2924649
@lestrrat
fix typo (#847)
2e97587
@dependabot
Bump kentaro-m/auto-assign-action from 1.2.0 to 1.2.4 (#848)
cd62733 
Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.0 to 1.2.4.
- [Release notes](https://github.com/kentaro-m/auto-assign-action/releases)
- [Commits](kentaro-m/auto-assign-action@v1.2.0...v1.2.4)

---
updated-dependencies:
- dependency-name: kentaro-m/auto-assign-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump codecov/codecov-action from 1 to 3 (#849)
dac7ce3 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v1...v3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@lestrrat
Work with invalid JWT buffers better (#851)
7e0614f 
* Work with invalid JWT buffers better

* spelling

* Update Changes
@lestrrat
typo
2895e80
@lestrrat
Tweak Changes
7592a5d
@lestrrat
Update Changes
f64b7ab
@dependabot
Bump github.com/goccy/go-json from 0.9.11 to 0.10.0 (#855)
14f6c97 
Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.9.11 to 0.10.0.
- [Release notes](https://github.com/goccy/go-json/releases)
- [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md)
- [Commits](goccy/go-json@v0.9.11...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/goccy/go-json
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump github.com/lestrrat-go/option from 1.0.0 to 1.0.1 (#858)
1e1ba10 
Bumps [github.com/lestrrat-go/option](https://github.com/lestrrat-go/option) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/lestrrat-go/option/releases)
- [Commits](lestrrat-go/option@v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/option
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/stale from 6 to 7 (#859)
1ebf196 
Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v6...v7)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@lestrrat
Tweak v2 tests (#863)
8dea47c 
* Port changes from #862

* Actually report errors

* fix expected result
@lestrrat
Unbeknownst to me, benchstat seems to have changed
1e593bf
@lestrrat
Update Contribution Guidelines
4e86f0c
@alexandear
Fix generated header file comments (#867)
a11fc40 
The generated file header should match regexp:
^// Code generated .* DO NOT EDIT\.$

See https://golang.org/s/generatedcode.
@johejo
Remove unused variables in ReadFile (#866)
c4e548a
@dependabot
Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 (#868)
75f50a1 
Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.4 to 1.2.5.
- [Release notes](https://github.com/kentaro-m/auto-assign-action/releases)
- [Commits](kentaro-m/auto-assign-action@v1.2.4...v1.2.5)

---
updated-dependencies:
- dependency-name: kentaro-m/auto-assign-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@lestrrat
Update tool deps (#869)
defd35c 
* Try updating tools for genjwt

* Update genjws

* Update genjwe

* Update genjwk

* Update genjwa

* Update genjwk

* Updage genoptions

* Update genreadfile
@lestrrat
Fix PEM armor for EC private keys when encoding (#876)
dffce69 
* Incorporate #875

* Test PEM roundtrip for other key types

* Use more constants
@dependabot @lestrrat
Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.…
59d501b 
…6.0 (#871)

* Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/commits/v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* run appropriate `go get` and `go mod tidy` all over

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>
@dependabot @lestrrat
Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#873)
5fe21f1 
* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* run appropriate `go get` and `go mod tidy` all over

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>
@lestrrat
Update Changes
a7f2a80
@lestrrat
Create codeql.yml
e3e78f3
@dependabot @lestrrat
Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877)
a7691cb 
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](golang/crypto@v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* run go get and make tidy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>
dependabot bot and others added 27 commits March 21, 2023 12:18
@dependabot @lestrrat
Bump github.com/lestrrat-go/option from 1.0.0 to 1.0.1 (#858)
d8c8ab7 
Bumps [github.com/lestrrat-go/option](https://github.com/lestrrat-go/option) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/lestrrat-go/option/releases)
- [Commits](lestrrat-go/option@v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/option
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @lestrrat
Bump actions/stale from 6 to 7 (#859)
390d389 
Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v6...v7)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@lestrrat
Tweak v2 tests (#863)
a7a5f7a 
* Port changes from #862

* Actually report errors

* fix expected result
@lestrrat
Unbeknownst to me, benchstat seems to have changed
e279339
@lestrrat
Update Contribution Guidelines
65b0d85
@alexandear @lestrrat
Fix generated header file comments (#867)
8dd81b1 
The generated file header should match regexp:
^// Code generated .* DO NOT EDIT\.$

See https://golang.org/s/generatedcode.
@johejo @lestrrat
Remove unused variables in ReadFile (#866)
c56c192
@dependabot @lestrrat
Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 (#868)
bc3dcd1 
Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.4 to 1.2.5.
- [Release notes](https://github.com/kentaro-m/auto-assign-action/releases)
- [Commits](kentaro-m/auto-assign-action@v1.2.4...v1.2.5)

---
updated-dependencies:
- dependency-name: kentaro-m/auto-assign-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@lestrrat
Update tool deps (#869)
9055eec 
* Try updating tools for genjwt

* Update genjws

* Update genjwe

* Update genjwk

* Update genjwa

* Update genjwk

* Updage genoptions

* Update genreadfile
@lestrrat
Fix PEM armor for EC private keys when encoding (#876)
8a4b6c8 
* Incorporate #875

* Test PEM roundtrip for other key types

* Use more constants
@dependabot @lestrrat
Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.…
92228a3 
…6.0 (#871)

* Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/commits/v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* run appropriate `go get` and `go mod tidy` all over

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>
@dependabot @lestrrat
Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#873)
a04ab16 
* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* run appropriate `go get` and `go mod tidy` all over

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>
@lestrrat
Update Changes
4ab5640
@lestrrat
Create codeql.yml
9458d83
@dependabot @lestrrat
Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877)
700f04f 
* Bump golang.org/x/crypto from 0.6.0 to 0.7.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](golang/crypto@v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* run go get and make tidy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>
@lestrrat
Add bazel support (#880)
2b8e5b4 
* Attempt to enable bazel

* enable bazel building in smoke tests too

* tweak order

* Add explicit imports

* Add deps.bzl

* remove unused file reference

* Add missing BUILD file

* Add missing BUILD file

* add missing BUILD.bazel files

* add .bazelversion

* Add aspect presets
@lestrrat
Update Changes/README
8d48d03
@lestrrat
Create an auto-merge action for dependabot (#884)
632b283 
* Create an auto-merge action for dependabot

* approve and merge

* indent
@dependabot @lestrrat
Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 (#882)
6d32357 
* Bump github.com/goccy/go-json from 0.10.0 to 0.10.1

Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.0 to 0.10.1.
- [Release notes](https://github.com/goccy/go-json/releases)
- [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md)
- [Commits](goccy/go-json@v0.10.0...v0.10.1)

---
updated-dependencies:
- dependency-name: github.com/goccy/go-json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run make tidy + bazel gazelle-update-repos

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>
@lestrrat
Fix jwk cache docs (#885)
db8f3fb 
* Fix example comment

* Upon re-reading, this sentence does not need to exist
@github-actions @lestrrat
autodoc updates (#886)
1c722ba 
Co-authored-by: lestrrat <lestrrat@users.noreply.github.com>
@dependabot @lestrrat
Bump actions/setup-go from 3 to 4 (#887)
5bb8b9d 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@lestrrat
Allow "none" algorithm when signing with explicit option (#890)
85b9b60 
* Add test case for #888

* Catch the use of "none" when used in conjunction with jws.WithKey

* first pass implementing (jwt/jws).Sign that allows alg="none"

* regenerate jwt options

* appease linter

* Check for jws.Sign/Verify

* OK to _sign_ using `none`, but no verification

* Tweak Changes
@lestrrat
typo (#893)
72b97f8
@dependabot @lestrrat
Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 (#892)
f0fa373 
* Bump github.com/goccy/go-json from 0.10.1 to 0.10.2

Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.1 to 0.10.2.
- [Release notes](https://github.com/goccy/go-json/releases)
- [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md)
- [Commits](goccy/go-json@v0.10.1...v0.10.2)

---
updated-dependencies:
- dependency-name: github.com/goccy/go-json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run make tidy + bazel

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>
@lestrrat
Update Changes
4a83af0
@lestrrat
Merge branch 'fix' into develop/v2
16ae1e9
@github-advanced-security
Copy link

You have successfully added a new CodeQL configuration /language:go. As part of the setup process, we have scanned this repository and found 5 existing alerts. Please check the repository Security tab to see all alerts.

@codecov
Copy link

codecov bot commented Mar 21, 2023
edited
Loading

Codecov Report

Merging #894 (16ae1e9) into v2 (43ca140) will decrease coverage by 0.08%.
The diff coverage is 73.98%.

@@            Coverage Diff             @@
##               v2     #894      +/-   ##
==========================================
- Coverage   71.78%   71.70%   -0.08%     
==========================================
  Files          90       92       +2     
  Lines        9662    13280    +3618     
==========================================
+ Hits         6936     9523    +2587     
- Misses       1928     2941    +1013     
- Partials      798      816      +18
Impacted Files Coverage Δ
formatkind_string_gen.go 100.00% <ø> (ø)
internal/json/goccy.go 100.00% <ø> (ø)
jwa/compression_gen.go 100.00% <ø> (ø)
jwa/content_encryption_gen.go 100.00% <ø> (ø)
jwa/elliptic_gen.go 100.00% <ø> (ø)
jwa/key_encryption_gen.go 100.00% <ø> (ø)
jwa/key_type_gen.go 100.00% <ø> (ø)
jwa/secp2561k.go 100.00% <ø> (ø)
jwa/signature_gen.go 100.00% <ø> (ø)
jwe/compress.go 0.00% <0.00%> (ø)
... and 60 more

... and 22 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@lestrrat lestrrat merged commit fccc524 into v2 Mar 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lestrrat @alexandear @johejo