Update layer-identity_token: 0.1.0 → 0.3.0 (major)

[depfu]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ layer-identity_token (0.1.0 → 0.3.0) · Repo

Commits

See the full diff on Github.

Sorry, we couldn't find anything useful about this release.

↗️ jwt (indirect, 1.5.1 → 2.2.1) · Repo · Changelog

Release Notes

2.2.1

v2.2.1 (2019-05-24)

Full Changelog

Fixed bugs:

• need to require 'forwardable' to use Forwardable #316
• Add forwardable dependency for JWK RSA KeyFinder #317 (excpt)

2.2.0

v2.2.0 (2019-03-20)

Full Changelog

Implemented enhancements:

• Use iat_leeway option #273
• Use of global state in latest version breaks thread safety of JWT.decode #268
• JSON support #246
• Change the Github homepage URL to https #301 (ekohl)
• Fix Salt length for conformance with PS family specification. #300 (tobypinder)
• Add support for Ruby 2.6 #299 (bustikiller)
• update homepage in gemspec to use HTTPS #298 (evgeni)
• Make sure alg parameter value isn't added twice #297 (korstiaan)
• Claims Validation #295 (jamesstonehill)
• JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
• Proposal of simple JWK support #289 (anakinj)
• Add RSASSA-PSS signature signing support #285 (oliver-hohn)
• Add note about using a hard coded algorithm in README #280 (revodoge)
• Add Appraisal support #278 (olbrich)
• Fix decode threading issue #269 (ab320012)
• Removed leeway from verify_iat #257 (ab320012)

Fixed bugs:

• Inconsistent handling of payload claim data types #282
• Use iat\_leeway option #273
• Issued at validation #247
• Fix bug and simplify segment validation #292 (anakinj)
• Removed leeway from verify\_iat #257 (ab320012)

Closed issues:

• RS256, public and private keys #291
• Allow passing current time to decode #288
• Verify exp claim without verifying jwt #281
• Decoding JWT with ES256 and secp256k1 curve #277
• Audience as an array - how to specify? #276
• signature validation using decode method for JWT #271
• JWT is easily breakable #267
• Ruby JWT Token #265
• ECDSA supported algorithms constant is defined as a string, not an array #264
• NoMethodError: undefined method `group' for <xxxxx> #261
• 'DecodeError'will replace 'ExpiredSignature' #260
• TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
• NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
• Get new token if curren token expired #256
• Infer algorithm from header #254
• Why is the result of decode is an array? #252
• Add support for headless token #251
• Leeway or exp_leeway #215
• Could you describe purpose of cert fixtures and their cryptokey lengths. #185

Merged pull requests:

• Misc config improvements #296 (jamesstonehill)
• Fix JSON conflict between #293 and #292 #294 (anakinj)
• Drop Ruby 2.2 from test matrix #290 (anakinj)
• Remove broken reek config #283 (excpt)
• Add missing test, Update common files #275 (excpt)
• Remove iat_leeway option #274 (wohlgejm)
• improving code quality of jwt module #266 (ab320012)
• fixed ECDSA supported versions const #263 (starbeast)
• Added my name to contributor list #262 (ab320012)
• Use Class\#new Shorthand For Error Subclasses #255 (akabiru)
• [CI] Test against Ruby 2.5 #253 (nicolasleger)
• Fix README #250 (rono23)
• Fix link format #248 (y-yagi)

2.1.0

2.1.0 (2017-10-06)

Full Changelog

Implemented enhancements:

• Ed25519 support planned? #217
• Verify JTI Proc #207
• Allow a list of algorithms for decode #241 (lautis)
• verify takes 2 params, second being payload closes: #207 #238 (ab320012)
• simplified logic for keyfinder #237 (ab320012)
• Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
• Support for ED25519 #229 (ab320012)

Fixed bugs:

• JWT.encode failing on encode for string #235
• The README says it uses an algorithm by default #226
• Fix string payload issue #236 (excpt)

Closed issues:

• Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
• Why doesn't the decode function use a default algorithm? #227

Merged pull requests:

• Update README.md #242 (excpt)
• Update ebert configuration #232 (excpt)
• added algos/strategy classes + structs for inputs #230 (ab320012)
• Add HS256 algorithm to decode default options #228 (madkin10)

2.0.0

Change Log

v2.0.0 (2017-09-03)

Full Changelog

Fixed bugs:

• Support versions outside 2.1 #209
• Verifying expiration without leeway throws exception #206
• Ruby interpreter warning #200
• TypeError: no implicit conversion of String into Integer #188
• Fix JWT.encode(nil) #203 (tmm1)

Closed issues:

• Possibility to disable claim verifications #222
• Proper way to verify Firebase id tokens #216

Merged pull requests:

• Skip 'exp' claim validation for array payloads #224 (excpt)
• Use a default leeway of 0 #223 (travisofthenorth)
• Fix reported codesmells #221 (excpt)
• Add fancy gem version badge #220 (excpt)
• Add missing dist option to .travis.yml #219 (excpt)
• Fix ruby version requirements in gemspec file #218 (excpt)
• Fix a little typo in the readme #214 (RyanBrushett)
• Update README.md #212 (zuzannast)
• Fix typo in HS512256 algorithm description #211 (ojab)
• Allow configuration of multiple acceptable issuers #210 (ojab)
• Enforce exp to be an Integer #205 (lucasmazza)
• ruby 1.9.3 support message upd #204 (maokomioko)
• Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)

1.5.6

Full Changelog

Fixed bugs:

• Fix missing symbol handling in aud verify code #166 (excpt)

Merged pull requests:

• Fix rubocop code smells #167 (excpt)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 4 commits:

• Merge pull request #318 from jwt/release/2.2.1
• Release 2.2.1
• Merge pull request #317 from jwt/issue/316
• Add forwardable dependency for JWK RSA KeyFinder

---

👉 No CI detected

You don't seem to have any Continuous Integration service set up!

Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.

This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:

• Circle CI, Semaphore and Travis-CI are all excellent options.
• If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github.
• If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with depfu/.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)