Skip to content
This repository has been archived by the owner on Dec 22, 2023. It is now read-only.

Bump jwt from 2.5.0 to 2.7.1 #567

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2023

Bumps jwt from 2.5.0 to 2.7.1.

Changelog

Sourced from jwt's changelog.

v2.7.1 (2023-06-09)

Full Changelog

Fixes and enhancements:

v2.7.0 (2023-02-01)

Full Changelog

Features:

Fixes and enhancements:

  • Fix issue with multiple keys returned by keyfinder and multiple allowed algorithms #545 (@​mpospelov)
  • Non-string kid header values are now rejected #543 (@​bellebaum)

v2.6.0 (2022-12-22)

Full Changelog

Features:

Fixes and enhancements:

  • Raise descriptive error on empty hmac_secret and OpenSSL 3.0/openssl gem <3.0.1 #530 (@​jonmchan).
Commits
  • 781fbd1 Bump version to 2.7.1
  • 7781a97 Do not raise error when verifying bad HMAC signature
  • 62f5fdb Handle invalid algorithm when decoding JWT
  • cd75890 Fix test assertion for exception message content
  • e5f5711 Move rescueing OpenSSL::PKey::PKeyError closer to the verification happens us...
  • d0978c1 Move SecurityUtils methods closer to the usage
  • 324941b Fix typo in README
  • 18abb5c Prepare next iteration
  • 53d857e Bump version to 2.7.0
  • d6ee141 JWK OKP Ed25519 support using rbnacl
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.5.0 to 2.7.1.
- [Release notes](https://github.com/jwt/ruby-jwt/releases)
- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)
- [Commits](jwt/ruby-jwt@v2.5.0...v2.7.1)

---
updated-dependencies:
- dependency-name: jwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 8, 2023
@EduardoAquinta
Copy link

@dependabot ignore this dependency

@dependabot dependabot bot closed this Dec 14, 2023
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 14, 2023

OK, I won't notify you about jwt again, unless you re-open this PR.

@dependabot dependabot bot deleted the dependabot/bundler/jwt-2.7.1 branch December 14, 2023 11:57
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant