Bump jwt from 2.4.1 to 2.5.0 (!242) · Merge requests · ddr / ddr-public

libautomation requested to merge dependabot/bundler/jwt-2.5.0 into main Aug 30, 2022

Bumps jwt from 2.4.1 to 2.5.0.

Changelog

v2.5.0 (2022-08-25)

Full Changelog

Features:

Support JWK thumbprints as key ids #481 (@anakinj).

Support OpenSSL >= 3.0 #496 (@anakinj).

Fixes and enhancements:

Bring back the old Base64 (RFC2045) deocode mechanisms #488 (@anakinj).

Rescue RbNaCl exception for EdDSA wrong key #491 (@n-studio).

New parameter name for cases when kid is not found using JWK key loader proc #501 (@anakinj).

Fix NoMethodError when a 2 segment token is missing 'alg' header #502 (@cmrd-senya).

Commits

b1b5250 Bump version to 2.5.0
a3c52ba Explicit loading of jwt/version to make it available for a built gem
0e7dcfa Fix and mark HMAC tests with empty secret as pending for openssl 3.0
fc4919a Changelog entry for the openssl 3.0 support
62e2a33 EC keys and openssl 3.0 support
e892a7e More readable CI job names
293ef90 Create RSA key by importing the parameters in DER format
e92cea3 Run tests on ubuntu 22 with openssl 3.0
7c29ccd Fix NoMethodError when a 2 segment token is missing 'alg' header
b79e4b5 Stop using the term invalidate to not assume the app always has a cache
Additional commits viewable in compare view

Bump jwt from 2.4.1 to 2.5.0

v2.5.0 (2022-08-25)

Merge request reports