Bump jwt from 2.10.1 to 2.10.2 #2426

Merged

dependabot[bot] merged 1 commits from dependabot/bundler/jwt-2.10.2 into main 2025-06-30 21:29:01 +08:00

Conversation 0 Commits 1 Files Changed 1 +1 -1

dependabot[bot] commented 2025-06-30 17:16:44 +08:00 (Migrated from github.com)

Copy Link

Bumps jwt from 2.10.1 to 2.10.2.

Changelog

Sourced from jwt's changelog.

Changelog

v3.1.2 (2025-06-28)

Full Changelog

Fixes and enhancements:

• Avoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa #697
• Fix signing with a EC JWK #699 (@​anakinj)

v3.1.1 (2025-06-24)

Full Changelog

Fixes and enhancements:

• Require the algorithm to be provided when signing and verifying tokens using JWKs #695 (@​anakinj)

v3.1.0 (2025-06-23)

Full Changelog

Features:

• Add support for x5t header parameter for X.509 certificate thumbprint verification #669 (@​hieuk09)
• Raise an error if the ECDSA signing or verification key is not an instance of OpenSSL::PKey::EC #688 (@​anakinj)
• Allow OpenSSL::PKey::EC::Point to be used as the verification key in ECDSA #689 (@​anakinj)
• Require claims to have been verified before accessing the JWT::EncodedToken#payload #690 (@​anakinj)
• Support signing and verifying tokens using a JWK #692 (@​anakinj)

v3.0.0 (2025-06-14)

Full Changelog

Breaking changes:

• Require token signature to be verified before accessing payload #648 (@​anakinj)
• Drop support for the HS512256 algorithm #650 (@​anakinj)
• Remove deprecated claim verification methods #654 (@​anakinj)
• Remove dependency to rbnacl #655 (@​anakinj)
• Support only stricter base64 decoding (RFC 4648) #658 (@​anakinj)
• Custom algorithms are required to include JWT::JWA::SigningAlgorithm #660 (@​anakinj)
• Require RSA keys to be at least 2048 bits #661 (@​anakinj)
• Base64 encode and decode the k value for HMAC JWKs #662 (@​anakinj)

Take a look at the upgrade guide for more details.

Features:

... (truncated)

Commits

• 658275c Version 2.10.2 (#703)
• 67dc9d3 Backport: Avoid using the same digest across calls (#697) (#701)
• c73c286 Simplify CI on 2.10 branch (#702)
• 7ff5f07 Fix deprecation messages
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.1 to 2.10.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md">jwt's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/jwt/ruby-jwt/tree/v3.1.2">v3.1.2</a> (2025-06-28)</h2> <p><a href="https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2">Full Changelog</a></p> <p><strong>Fixes and enhancements:</strong></p> <ul> <li>Avoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa <a href="https://redirect.github.com/jwt/ruby-jwt/pull/697">#697</a></li> <li>Fix signing with a EC JWK <a href="https://redirect.github.com/jwt/ruby-jwt/pull/699">#699</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> </ul> <h2><a href="https://github.com/jwt/ruby-jwt/tree/v3.1.1">v3.1.1</a> (2025-06-24)</h2> <p><a href="https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1">Full Changelog</a></p> <p><strong>Fixes and enhancements:</strong></p> <ul> <li>Require the algorithm to be provided when signing and verifying tokens using JWKs <a href="https://redirect.github.com/jwt/ruby-jwt/pull/695">#695</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> </ul> <h2><a href="https://github.com/jwt/ruby-jwt/tree/v3.1.0">v3.1.0</a> (2025-06-23)</h2> <p><a href="https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0">Full Changelog</a></p> <p><strong>Features:</strong></p> <ul> <li>Add support for x5t header parameter for X.509 certificate thumbprint verification <a href="https://redirect.github.com/jwt/ruby-jwt/pull/669">#669</a> (<a href="https://github.com/hieuk09"><code>@​hieuk09</code></a>)</li> <li>Raise an error if the ECDSA signing or verification key is not an instance of <code>OpenSSL::PKey::EC</code> <a href="https://redirect.github.com/jwt/ruby-jwt/pull/688">#688</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Allow <code>OpenSSL::PKey::EC::Point</code> to be used as the verification key in ECDSA <a href="https://redirect.github.com/jwt/ruby-jwt/pull/689">#689</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Require claims to have been verified before accessing the <code>JWT::EncodedToken#payload</code> <a href="https://redirect.github.com/jwt/ruby-jwt/pull/690">#690</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Support signing and verifying tokens using a JWK <a href="https://redirect.github.com/jwt/ruby-jwt/pull/692">#692</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> </ul> <h2><a href="https://github.com/jwt/ruby-jwt/tree/v3.0.0">v3.0.0</a> (2025-06-14)</h2> <p><a href="https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0">Full Changelog</a></p> <p><strong>Breaking changes:</strong></p> <ul> <li>Require token signature to be verified before accessing payload <a href="https://redirect.github.com/jwt/ruby-jwt/pull/648">#648</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Drop support for the HS512256 algorithm <a href="https://redirect.github.com/jwt/ruby-jwt/pull/650">#650</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Remove deprecated claim verification methods <a href="https://redirect.github.com/jwt/ruby-jwt/pull/654">#654</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Remove dependency to rbnacl <a href="https://redirect.github.com/jwt/ruby-jwt/pull/655">#655</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Support only stricter base64 decoding (RFC 4648) <a href="https://redirect.github.com/jwt/ruby-jwt/pull/658">#658</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Custom algorithms are required to include <code>JWT::JWA::SigningAlgorithm</code> <a href="https://redirect.github.com/jwt/ruby-jwt/pull/660">#660</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Require RSA keys to be at least 2048 bits <a href="https://redirect.github.com/jwt/ruby-jwt/pull/661">#661</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> <li>Base64 encode and decode the k value for HMAC JWKs <a href="https://redirect.github.com/jwt/ruby-jwt/pull/662">#662</a> (<a href="https://github.com/anakinj"><code>@​anakinj</code></a>)</li> </ul> <p>Take a look at the <a href="https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md">upgrade guide</a> for more details.</p> <p><strong>Features:</strong></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322"><code>658275c</code></a> Version 2.10.2 (<a href="https://redirect.github.com/jwt/ruby-jwt/issues/703">#703</a>)</li> <li><a href="https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191"><code>67dc9d3</code></a> Backport: Avoid using the same digest across calls (<a href="https://redirect.github.com/jwt/ruby-jwt/issues/697">#697</a>) (<a href="https://redirect.github.com/jwt/ruby-jwt/issues/701">#701</a>)</li> <li><a href="https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1"><code>c73c286</code></a> Simplify CI on 2.10 branch (<a href="https://redirect.github.com/jwt/ruby-jwt/issues/702">#702</a>)</li> <li><a href="https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187"><code>7ff5f07</code></a> Fix deprecation messages</li> <li>See full diff in <a href="https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

📆 Planned

Not ready to be worked on yet, but planned for future

💻 Self Hosted only

Issues pertaining to self-hosted versions of Maybe

⚙️ Config

ℹ️ Needs info

Further information is requested

📱 Mobile

Bugs exclusively happening on mobile devices

1️⃣ High Priority

High priority issues will be worked on next

🚨 Urgent

Issues that are urgent for app functionality

3️⃣ Low priority

Contributions accepted, but Maybe team will not be working on this in the near term

2️⃣ Medium Priority

Community contributions accepted, Maybe team only works on if there are no high priority items open

⚡ Performance

Performance issues to address

🎨 UI / UX

Issues related to UI / UX interactions and design.

💎 Bounty

💰 Rewarded

📊 Data issue

Issues where the app functionally works, but the data is missing or inaccurate.

🙋 Bounty claim

$1.5K

Community

This is a great issue for community members to work on

dependencies

Pull requests that update a dependency file

Design

Hosted only

Hosted app only

Required self hoster data migration

Self hosters must run data migrations to resolve this issue

ruby

Pull requests that update Ruby code

No Label dependencies ruby

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

gavin

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: gavin/maybe#2426