merge for v2.0.10 #932

lestrrat · 2023-06-12T06:26:30Z

Fix history... boy, what a mess

* Protect jws.Verify() from panic on go1.19+ * Same problem, but in jwe

I have a feeling we inadvertently reverted some commit

* Use tparse * s/all/alltags/

Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.0 to 1.2.4. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](kentaro-m/auto-assign-action@v1.2.0...v1.2.4) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v1...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Work with invalid JWT buffers better * spelling * Update Changes

Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.9.11 to 0.10.0. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.9.11...v0.10.0) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/lestrrat-go/option](https://github.com/lestrrat-go/option) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/lestrrat-go/option/releases) - [Commits](lestrrat-go/option@v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/lestrrat-go/option dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v6...v7) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Port changes from #862 * Actually report errors * fix expected result

The generated file header should match regexp: ^// Code generated .* DO NOT EDIT\.$ See https://golang.org/s/generatedcode.

Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.4 to 1.2.5. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](kentaro-m/auto-assign-action@v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Try updating tools for genjwt * Update genjws * Update genjwe * Update genjwk * Update genjwa * Update genjwk * Updage genoptions * Update genreadfile

* Incorporate #875 * Test PEM roundtrip for other key types * Use more constants

…6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/commits/v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

* Bump golang.org/x/crypto from 0.6.0 to 0.7.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](golang/crypto@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * run go get and make tidy --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

Co-authored-by: lestrrat <lestrrat@users.noreply.github.com>

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add test case for #888 * Catch the use of "none" when used in conjunction with jws.WithKey * first pass implementing (jwt/jws).Sign that allows alg="none" * regenerate jwt options * appease linter * Check for jws.Sign/Verify * OK to _sign_ using `none`, but no verification * Tweak Changes

* Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.1 to 0.10.2. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.1...v0.10.2) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Run make tidy + bazel --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v7...v8) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump golang.org/x/crypto from 0.7.0 to 0.8.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](golang/crypto@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Run bazel //:gazelle-update-repos --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

) * Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.1.0 to 4.2.0 Bumps [github.com/decred/dcrd/dcrec/secp256k1/v4](https://github.com/decred/dcrd) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/decred/dcrd/releases) - [Changelog](https://github.com/decred/dcrd/blob/master/CHANGES) - [Commits](decred/dcrd@blockchain/v4.1.0...dcrec/secp256k1/v4.2.0) --- updated-dependencies: - dependency-name: github.com/decred/dcrd/dcrec/secp256k1/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * run make tidy + bazel run //:gazelle-update-repos --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

Co-authored-by: lestrrat <lestrrat@users.noreply.github.com>

…911) * First pass at connecting jws.Register(Signer|Verifier) with jwa.RegisterXXX * Tweak CI * Tweak docs * fix docs * protect access to signer/verifierDB * Update Changes

* Enable segmentio/asm/base64 and some internal API for pluggable base64 * Enable asmbase64 in CI * Add missing commands * Update bazel repos

Fixed typo: convetion -> convention

* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](golang/crypto@v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * run gaelle-update-repos --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.1.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Run gazelle-update-repos --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

* Implement SetGlobalFetcher * Avoid using atomic.Bool so that it works on older Gos * Appease GitHub code scanner * Bad ineffectual assignment * tweak docs * oops, wrong issue number

* Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.3...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update bazel repos * use specific tparse * change minimum go version in smoke tet --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

* Implement jwe.KeyEncrypter and jwe.KeyDecrypter This allows users to specify a key who can encrypt/decrypt by itself, much like the built-in crypto.Signer interface. * Add experimental label to this feature

codecov · 2023-06-12T06:43:46Z

Codecov Report

Merging #932 (796b2a9) into v2 (43ca140) will decrease coverage by 0.25%.
The diff coverage is 72.27%.

@@            Coverage Diff             @@
##               v2     #932      +/-   ##
==========================================
- Coverage   71.78%   71.54%   -0.25%     
==========================================
  Files          90       93       +3     
  Lines        9662    13555    +3893     
==========================================
+ Hits         6936     9698    +2762     
- Misses       1928     3041    +1113     
- Partials      798      816      +18

Impacted Files	Coverage Δ
formatkind_string_gen.go	`100.00% <ø> (ø)`
internal/json/goccy.go	`100.00% <ø> (ø)`
jwa/secp2561k.go	`100.00% <ø> (ø)`
jwe/compress.go	`0.00% <0.00%> (ø)`
jwe/headers_gen.go	`66.01% <ø> (-1.71%)`	⬇️
jwe/internal/cipher/cipher.go	`62.06% <0.00%> (+1.67%)`	⬆️
jwe/io.go	`53.33% <ø> (+9.58%)`	⬆️
jwk/es256k.go	`100.00% <ø> (ø)`
jwk/io.go	`42.10% <ø> (-1.65%)`	⬇️
jwk/options_gen.go	`75.86% <ø> (+11.15%)`	⬆️
... and 63 more

... and 20 files with indirect coverage changes

lestrrat and others added 30 commits November 15, 2022 11:09

Update deps

a6e06cd

Protect jws.Verify() and jwe.Encrypt() from panic on go1.19+ (#841)

fd33b62

* Protect jws.Verify() from panic on go1.19+ * Same problem, but in jwe

Update Changes

30a75e4

fix example (#843)

ea0db55

I have a feeling we inadvertently reverted some commit

Action updates, doc tweaks (#844)

1497ca2

Use tparse (#845)

7a639ec

* Use tparse * s/all/alltags/

fix typo (#846)

2924649

fix typo (#847)

2e97587

Work with invalid JWT buffers better (#851)

7e0614f

* Work with invalid JWT buffers better * spelling * Update Changes

typo

2895e80

Tweak Changes

7592a5d

Update Changes

f64b7ab

Tweak v2 tests (#863)

8dea47c

* Port changes from #862 * Actually report errors * fix expected result

Unbeknownst to me, benchstat seems to have changed

1e593bf

Update Contribution Guidelines

4e86f0c

Fix generated header file comments (#867)

a11fc40

The generated file header should match regexp: ^// Code generated .* DO NOT EDIT\.$ See https://golang.org/s/generatedcode.

Remove unused variables in ReadFile (#866)

c4e548a

Update tool deps (#869)

defd35c

* Try updating tools for genjwt * Update genjws * Update genjwe * Update genjwk * Update genjwa * Update genjwk * Updage genoptions * Update genreadfile

Fix PEM armor for EC private keys when encoding (#876)

dffce69

* Incorporate #875 * Test PEM roundtrip for other key types * Use more constants

Update Changes

a7f2a80

Create codeql.yml

e3e78f3

github-actions bot and others added 28 commits March 21, 2023 12:18

autodoc updates (#886)

1c722ba

Co-authored-by: lestrrat <lestrrat@users.noreply.github.com>

typo (#893)

72b97f8

Update Changes

4a83af0

Merge branch 'fix' into develop/v2

16ae1e9

tweak labels for dependabot (#899)

bb6e1b2

Fix typo in "jwt.WithAudience" comment (#908)

3f6b097

Precompute RSA key values so that tests succeed (#913)

0d936c8

Use a symmetric key for example purposes (#914)

4959f78

autodoc updates (#915)

74fd141

Co-authored-by: lestrrat <lestrrat@users.noreply.github.com>

Hook in jwa.RegisterXXX functions with jws.Register(Signer|Verifier) (#…

5090ec1

…911) * First pass at connecting jws.Register(Signer|Verifier) with jwa.RegisterXXX * Tweak CI * Tweak docs * fix docs * protect access to signer/verifierDB * Update Changes

Allow use of segmentio/asm/base64 (#916)

241434f

* Enable segmentio/asm/base64 and some internal API for pluggable base64 * Enable asmbase64 in CI * Add missing commands * Update bazel repos

Mention jwx_asmbase64 (#917)

971a021

Update README.md (#918)

9114235

Fixed typo: convetion -> convention

use proper function name (#921)

db80760

Implement jwk.SetGlobalFetcher (#929)

5f998ac

* Implement SetGlobalFetcher * Avoid using atomic.Bool so that it works on older Gos * Appease GitHub code scanner * Bad ineffectual assignment * tweak docs * oops, wrong issue number

Implement jwe.KeyEncrypter and jwe.KeyDecrypter (#925)

5eeb82e

* Implement jwe.KeyEncrypter and jwe.KeyDecrypter This allows users to specify a key who can encrypt/decrypt by itself, much like the built-in crypto.Signer interface. * Add experimental label to this feature

Update Changes

3ee87bd

Merge remote-tracking branch 'origin/v2' into v2-merge

796b2a9

lestrrat merged commit 8840ffd into v2 Jun 12, 2023
31 of 32 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

merge for v2.0.10 #932

merge for v2.0.10 #932

lestrrat commented Jun 12, 2023 •

edited

codecov bot commented Jun 12, 2023 •

edited

merge for v2.0.10 #932

merge for v2.0.10 #932

Conversation

lestrrat commented Jun 12, 2023 • edited

codecov bot commented Jun 12, 2023 • edited

Codecov Report

lestrrat commented Jun 12, 2023 •

edited

codecov bot commented Jun 12, 2023 •

edited