chore(deps): update everything #161

Merged
merged 1 commit into from
Nov 21, 2023

renovate[bot]
Contributor

@renovate renovate bot commented Oct 23, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/google/uuid | require | minor | v1.3.1 -> v1.4.0 |
| github.com/lestrrat-go/jwx/v2 | require | patch | v2.0.14 -> v2.0.17 |
| github.com/onsi/ginkgo/v2 | require | patch | v2.13.0 -> v2.13.1 |
| github.com/onsi/gomega | require | minor | v1.28.0 -> v1.30.0 |
| github.com/spf13/cobra | require | minor | v1.7.0 -> v1.8.0 |
| golang.org/x/oauth2 | require | minor | v0.13.0 -> v0.14.0 |
| google.golang.org/genproto | require | digest | 49dd2c1 -> 83a465c |
| google.golang.org/genproto/googleapis/api | require | digest | 49dd2c1 -> 83a465c |
| google.golang.org/genproto/googleapis/rpc | require | digest | 49dd2c1 -> 83a465c |

Release Notes

google/uuid (github.com/google/uuid)

v1.4.0

Compare Source

Features
  • UUIDs slice type with Strings() convenience method (#133) (cd5fbbd)

Fixes
  • Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)

lestrrat-go/jwx (github.com/lestrrat-go/jwx/v2)

v2.0.17

Compare Source

v2.0.17 20 Nov 2023
[Bug Fixes]
  * [jws] Previously, `jws.UnregisterSigner` did not remove the previous signer instance when
    the signer was registered and unregistered multiple times (#1016). This has been fixed.

[New Features]
  * [jwe] (EXPERIMENTAL) `jwe.WithCEK` has been added to extract the content encryption key (CEK) from the Decrypt operation.
  * [jwe] (EXPERIMENTAL) `jwe.EncryptStatic` has been added to encrypt content using a static CEK.
    Using static CEKs has serious security implications, and you should not use
    this unless you completely understand the risks involved.

v2.0.16

Compare Source

v2.0.16 31 Oct 2023
[Security]
  * [jws] ECDSA signature verification requires us to check if the signature
    is of the desired length of bytes, but this check that used to exist before
    had been removed in #65, resulting in certain malformed signatures passing
    verification.

    One of the ways this could happen is if R is a 31 byte integer and S is a 32 byte integer,
    both containing the correct signature values, but R is not zero-padded.

       Correct = R: [ 0 , ... ] (32 bytes) S: [ ... ] (32 bytes)
       Wrong   = R: [ ... ] (31 bytes)     S: [ ... ] (32 bytes)

    In order for this check to pass, you would still need to have all 63 bytes
    populated with the correct signature. The only modification a bad actor
    may be able to do is to add one more byte at the end, in which case the
    first 32 bytes (including what would have been S's first byte) is used for R,
    and S would contain the rest. But this will only cause the verification to
    fail. Therefore this in itself should not pose any security risk, albeit
    allowing some illegally formatted messages to be verified.

  * [jwk] `jwk.Key` objects now have a `Validate()` method to validate the data
    stored in the keys. However, this still does not necessarily mean that the keys
    are valid for use in cryptographic operations. If `Validate()` is successful,
    it only means that the keys are in the right _format_, including the presence
    of required fields and that certain fields have proper length, etc.

[New Features]
  * [jws] Added `jws.WithValidateKey()` to force calling `key.Validate()` before
    signing or verification.

  * [jws] `jws.Sign()` now returns a special type of error that can hold the
    individual errors from the signers. The stringification is still the same
    as before to preserve backwards compatibility.

  * [jwk] Added `jwk.IsKeyValidationError` that checks if an error is an error
    from `key.Validate()`.

[Bug Fixes]
  * [jwt] `jwt.ParseInsecure()` was running verification if you provided a key
    via `jwt.WithKey()` or `jwt.WithKeySet()` (#1007)

v2.0.15

Compare Source

v2.0.15 19 20 Oct 2023
[Bug fixes]
  * [jws] jws.Sign() now properly checks for valid algorithm / key type pair when
    the key implements crypto.Signer. This was caused by the fact that when
    jws.WithKey() accepted keys that implemented crypto.Signer, there really
    is no way to robustly check what algorithm the crypto.Signer implements.

    The code has now been modified to check for KNOWN key types, i.e. those
    that are defined in Go standard library, and those that are defined in
    this library. For example, now calling jws.Sign() with jws.WithKey(jwa.RS256, ecdsaKey)
    where ecdsaKey is either an instance of *ecdsa.PrivateKey or jwk.ECDSAPrivateKey
    will produce an error.

    However, if you use a separate library that wraps some KMS library which implements
    crypto.Signer, this same check will not be performed due to the fact that
    it is an unknown library to us. And there's no way to query a crypto.Signer
    for its algorithm family.

onsi/ginkgo (github.com/onsi/ginkgo/v2)

v2.13.1

Compare Source

2.13.1

Fixes
  • 1296 fix(precompiled test suite): exec bit check omitted on Windows (#1301) [26eea01]

Maintenance

onsi/gomega (github.com/onsi/gomega)

v1.30.0

Compare Source

1.30.0

Features
  • BeTrueBecause and BeFalseBecause allow for better failure messages [4da4c7f]
Maintenance

v1.29.0

Compare Source

1.29.0

Features
  • MatchError can now take an optional func(error) bool + description [2b39142]

v1.28.1

Compare Source

1.28.1

Maintenance
  • Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0 [635d196]
  • Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 [14f8859]
  • Bump golang.org/x/net from 0.14.0 to 0.17.0 [d8a6508]
  • #703 doc(matchers): HaveEach() doc comment updated [2705bdb]
  • Minor typos (#699) [375648c]

spf13/cobra (github.com/spf13/cobra)

v1.8.0

Compare Source

✨ Features

🐛 Bug fixes

🔧 Maintenance

🧪 Testing & CI/CD

✏️ Documentation


Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you!!!! 🐍

Full Changelog: spf13/cobra@v1.7.0...v1.8.0


Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.
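
The signature-length check from the jwx v2.0.16 [Security] note above, as an added Go example (not code from this PR, from Renovate or from lestrrat-go/jwx): for ES256 the JWS signature is R and S concatenated at 32 bytes each, so a verifier rejects anything that is not exactly 64 bytes before splitting it. The function names and the sample payload are constructed for illustration, and only the Go standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// encodeRS writes R and S as fixed-width big-endian integers, zero-padded to size bytes.
func encodeRS(r, s *big.Int, size int) []byte {
	return append(r.FillBytes(make([]byte, size)), s.FillBytes(make([]byte, size))...)
}

// verifyStrict checks the total length before splitting the signature into R and S.
func verifyStrict(pub *ecdsa.PublicKey, payload, sig []byte) error {
	size := (pub.Curve.Params().BitSize + 7) / 8 // 32 for P-256
	if len(sig) != 2*size {
		return fmt.Errorf("signature is %d bytes, want %d", len(sig), 2*size)
	}
	digest := sha256.Sum256(payload)
	r, s := new(big.Int).SetBytes(sig[:size]), new(big.Int).SetBytes(sig[size:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return fmt.Errorf("signature does not verify")
	}
	return nil
}

// mustShortRSample signs with a fresh P-256 key until R fits in 31 bytes (about 256 tries).
func mustShortRSample(payload []byte) (pub *ecdsa.PublicKey, r, s *big.Int) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := sha256.Sum256(payload)
	for err == nil && (r == nil || len(r.Bytes()) != 31) {
		r, s, err = ecdsa.Sign(rand.Reader, priv, digest[:])
	}
	if err != nil {
		panic(err) // the system random source failed
	}
	return &priv.PublicKey, r, s
}

func main() {
	msg := []byte("constructed sample payload")
	pub, r, s := mustShortRSample(msg)
	unpadded := append(r.Bytes(), s.FillBytes(make([]byte, 32))...) // 31 + 32 = 63 bytes
	fmt.Println(verifyStrict(pub, msg, unpadded), "/", verifyStrict(pub, msg, encodeRS(r, s, 32)))
}
```

The 63-byte form carries the correct R and S values and is still rejected on length alone; the 64-byte form of the same values verifies.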

@renovate renovate bot requested a review from a team as a code owner October 23, 2023 01:07
@renovate renovate bot requested a review from maaland October 23, 2023 01:07

codecov bot commented Oct 23, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (1844072) 71.21% compared to head (7896561) 71.21%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #161   +/-   ##
=======================================
  Coverage   71.21%   71.21%           
=======================================
  Files          39       39           
  Lines        2321     2321           
=======================================
  Hits         1653     1653           
  Misses        613      613           
  Partials       55       55           


@renovate renovate bot force-pushed the renovate/everything branch 2 times, most recently from 9109412 to 1c34ec1 Compare October 23, 2023 13:20
@cowan-macady cowan-macady removed the request for review from maaland October 23, 2023 13:24
@renovate renovate bot force-pushed the renovate/everything branch 5 times, most recently from 1828cde to 7b1fb47 Compare November 1, 2023 08:35
@renovate renovate bot force-pushed the renovate/everything branch 6 times, most recently from a3cde8e to 582a740 Compare November 9, 2023 02:00
@renovate renovate bot force-pushed the renovate/everything branch 3 times, most recently from c321c5a to 9874472 Compare November 12, 2023 20:01
@renovate renovate bot force-pushed the renovate/everything branch 2 times, most recently from d192f2b to 252ac79 Compare November 20, 2023 23:06
@renovate renovate bot force-pushed the renovate/everything branch from 252ac79 to 7896561 Compare November 21, 2023 08:10
@cowan-macady cowan-macady merged commit dbfc56c into master Nov 21, 2023
8 of 9 checks passed
@cowan-macady cowan-macady deleted the renovate/everything branch November 21, 2023 08:25