Merge branch 'develop/v2' into v2

.github/CONTRIBUTING.md

@@ -28,7 +28,7 @@ The following is a set of guidelines that we ask you to follow when you contribu
 
 # Please Be Nice
 
-[Main source; if wording differ, the main source supersedes this copy](https://github.com/lestrrat-go/contributions/blob/main/Contributions.md)
+[Main source; if wordings differ, the main source supersedes this copy](https://github.com/lestrrat-go/contributions/blob/main/Contributions.md)
 
 Please be nice when you contact us.
 
@@ -46,6 +46,18 @@ But we do not owe you anything. Please do not order us to work for you.
 We are not your support staff, and we are not here to do your research.
 We are willing to help, but only as long as you are being nice to us.
 
+# Please Read The Examples First
+
+[Main source; if wordings differ, the main source supersedes this copy](https://github.com/lestrrat-go/contributions/blob/main/Contributions.md)
+
+On most of the projects that we provide, we have example test code available,
+most likely in the [`examples/`](../examples) directory. Before asking questions or filing issues, please make sure to take a look at the examples.
+
+Specifically for Go projects, please first look for files with names `*_example_test.go`, which contain the runnable example code.
+
+If the examples do not solve your problems, feel free to proceed with your report. If there are missing examples or inaccuracies, please do not hesitate to contact us.
+
+
 # Please Use Correct Medium (GitHub Issues / Discussions)
 
 [Main source; this is a specialized version copied from the main source](https://github.com/lestrrat-go/contributions/blob/main/Contributions.md)
@@ -58,7 +70,7 @@ questions/discussions should be posted to [GitHub Discussions](https://github.co
 
 # Please Include (Pseudo)code for Any Technical Issues
 
-[Main source; if wording differ, the main source supersedes this copy](https://github.com/lestrrat-go/contributions/blob/main/Contributions.md)
+[Main source; if wordings differ, the main source supersedes this copy](https://github.com/lestrrat-go/contributions/blob/main/Contributions.md)
 
 Your report should contain clear, concise description of the issue that you are facing.
 However, at the same time please always include (pseudo)code in report.

.github/workflows/assign-issue.yml

@@ -8,6 +8,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Auto-assign issue'
-        uses: pozil/auto-assign-issue@v1
+        uses: pozil/auto-assign-issue@v2
         with:
           assignees: lestrrat

.github/workflows/benchmark.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: [ '1.19', '1.18', '1.17' ]
+        go: [ '1.21', '1.20' ]
     name: "Test [ Go ${{ matrix.go }} / JSON Backend ${{ matrix.json_backend }} ]"
     steps:
       - name: Checkout repository

.github/workflows/ci.yml

@@ -10,8 +10,8 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go_tags: [ 'stdlib', 'goccy', 'es256k', 'asmbase64', 'alltags']
-        go: [ '1.20', '1.19', '1.18']
+        go_tags: [ 'stdlib', 'goccy', 'es256k', 'secp256k1-pem', 'asmbase64', 'alltags']
+        go: [ '1.21', '1.20', '1.19' ]
     name: "Test [ Go ${{ matrix.go }} / Tags ${{ matrix.go_tags }} ]"
     steps:
       - name: Checkout repository

.github/workflows/dependabot.yml

@@ -10,6 +10,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+      - name: Install tparse
+        run: go install github.com/mfridman/[email protected]
       - run: |
           make tidy
       - run: |
@@ -23,7 +25,7 @@ jobs:
           git config --local user.email '41898282+github-actions[bot]@users.noreply.github.com'
           git add .
           git commit -m "Run tidy / bazel+gazelle"
-          git push origin ${{ github.ref_name }}
+          git push 
           gh pr review --approve "$PR_URL"
           gh pr merge --auto --merge "$PR_URL"
         env:

.github/workflows/lint.yml

@@ -10,7 +10,7 @@ jobs:
         with:
           go-version: 1.19
           check-latest: true
-      - uses: golangci/golangci-lint-action@v4
+      - uses: golangci/golangci-lint-action@v6
         with:
           version: v1.54.2
       - name: Run go vet

.github/workflows/smoke.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       matrix:
         go_tags: [ 'stdlib', 'goccy', 'es256k', 'alltags' ]
-        go: [ '1.20', '1.19', '1.18' ]
+        go: [ '1.21', '1.20', '1.19' ]
     name: "Smoke [ Go ${{ matrix.go }} / Tags ${{ matrix.go_tags }} ]"
     steps:
       - name: Checkout repository

Changes

@@ -4,6 +4,85 @@ Changes
 v2 has many incompatibilities with v1. To see the full list of differences between
 v1 and v2, please read the Changes-v2.md file (https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes-v2.md)
 
+v2.1.0 18 Jun 2024
+[New Features]
+  * [jwt] Added `jwt.ParseCookie()` function
+  * [jwt] `jwt.ParseRequest()` can now accept a new option, jwt.WithCookieKey() to
+    specify a cookie name to extract the token from.
+  * [jwt] `jwt.ParseRequest()` and `jwt.ParseCookie()` can accept the `jwt.WithCookie()` option,
+    which will, upon successful token parsing, make the functions assign the *http.Cookie
+    used to parse the token. This allows users to further inspect the cookie where the
+    token came from, should the need arise.
+  * [jwt] (BREAKING CHANGE) `jwt.ParseRequest()` no longer automatically looks for "Authorization" header when
+    only `jwt.WithFormKey()` is used. This behavior is the same for `jwt.WithCookieKey()` and
+    any similar options that may be implemented in the future.
+
+      # previously
+      jwt.ParseRequest(req) // looks under Authorization
+      jwt.ParseReuqest(req, jwt.WithFormKey("foo")) // looks under foo AND Authorization
+      jwt.ParseReuqest(req, jwt.WithHeaderKey("Authorization"), jwt.WithFormKey("foo")) // looks under foo AND Authorization
+
+      # since this release
+      jwt.ParseRequest(req) // same as before
+      jwt.ParseRequest(req, jwt.WithFormKey("foo")) // looks under foo
+      jwt.ParseReuqest(req, jwt.WithHeaderKey("Authorization"), jwt.WithFormKey("foo")) // looks under foo AND Authorization
+
+  * [jwt] Add `jwt.WithResetValidators()` option to `jwt.Validate()`. This option
+    will allow you to tell `jwt.Validate()` to NOT automatically check the
+    default validators (`iat`, `exp`, and `nbf`), so that you can completely customize
+    the validation with the validators you specify using `jwt.WithValidator()`.
+
+    This sort of behavior is useful for special cases such as 
+    https://openid.net/specs/openid-connect-rpinitiated-1_0.html. However, you SHOULD NOT
+    use this option unless you know exactly what you are doing, as this will pose
+    significant security issues when used incorrectly.
+
+  * [jwk] Provide a _stop-gap_ measure to work with PEM format ASN.1 DER encoded secp256k1 keys.
+
+    In order to enable this feature, you must compile jwx with TWO build tags:
+    `jwx_es256k` to enable ES256K/secp256k1, and `jwx_secp256k1_pem` to enable PEM handling.
+    Not one, but BOTH tags need to be present.
+
+    With this change, by suppliying the `WithPEM(true)` option, `jwk.Parse()` is now
+    able to read sep256k1 keys. Also, `jwk.Pem()` should be able to handle `jwk.Key` objects
+    that represent a secp256k1 key.
+
+    Please do note that the implementation of this feature is dodgy at best. Currently
+    Go's crypto/x509 does not allow handling additional EC curves, and thus in order to
+    accomodate secp256k1 keys in PEM/ASN.1 DER format we need to "patch" the stdlib.
+    We do this by copy-and-pasting relevant parts of go 1.22.2's crypto/x509 code and
+    adding the minimum required code to make secp256k1 keys work.
+
+    Because of the above, there are several important caveats for this feature:
+
+    1. This feature is provided solely as a stop-gap measure until such time Go's stdlib
+    provides a way to handle non-standard EC curves, or another external module
+    is able to solve this issue. 
+
+    2. This feature should be considered unstable and not guaranteed by semantic versioning
+    backward compatibility. At any given point we may drop or modify this feature. It may be
+    because we can no longer maintain the code, or perhaps a security issue is found in the
+    version of the code that we ship with, etc.
+
+    3. Please always remember that we are now bundling a static set of code for handling
+    x509 formats. You are taking a possible security risk by code that could be outdated.
+    Please always do your own research, and if possible, please notify us if the bundled
+    code needs to be updated. Unless you know what you are doing, it is not recommended
+    that you enable this feature.
+
+    4. Please note that because we imported the code from go 1.22's src/crypto/x509,
+    it has some go1.20-isms in its code. Therefore you will not be able to use the
+    `jwx_secp256k1_pem` tag to enable secp256k1 key PEM handling against codebases
+    that are built using go 1.19 and below (the build will succeed, but the feature
+    will be unavailable).
+
+    5. We have no plans to include more curves this way. One is already one too many.
+
+  * [jwe] Fixed a bug when using encryption algorithms involving PBES2 along with the
+    jwx.WithUseNumber() global option. Enabling this option would turn all values
+    stored in the JSON content to be of type `json.Number`, but we did not account for
+    it when checking for the value of `p2c` header, resulting in a conversion error.
+
 v2.0.21 07 Mar 2024
 [Security]
   * [jwe] Added `jwe.Settings(jwe.WithMaxDecompressBufferSize(int64))` to specify the

Makefile

@@ -25,11 +25,14 @@ test-goccy:
 test-es256k:
 	$(MAKE) test-cmd TESTOPTS="-tags jwx_es256k"
 
+test-secp256k1-pem:
+	$(MAKE) test-cmd TESTOPTS="-tags jwx_es256k,jwx_secp256k1_pem"
+
 test-asmbase64:
 	$(MAKE) test-cmd TESTOPTS="-tags jwx_asmbase64"
 
 test-alltags:
-	$(MAKE) test-cmd TESTOPTS="-tags jwx_asmbase64,jwx_goccy,jwx_es256k"
+	$(MAKE) test-cmd TESTOPTS="-tags jwx_asmbase64,jwx_goccy,jwx_es256k,jwx_secp256k1_pem"
 
 cover-cmd:
 	env MODE=cover ./tools/test.sh
@@ -46,11 +49,14 @@ cover-goccy:
 cover-es256k:
 	$(MAKE) cover-cmd TESTOPTS="-tags jwx_es256k"
 
+cover-secp256k1-pem:
+	$(MAKE) cover-cmd TESTOPTS="-tags jwx_es256k,jwx_secp256k1"
+
 cover-asmbase64:
 	$(MAKE) cover-cmd TESTOPTS="-tags jwx_asmbase64"
 
 cover-alltags:
-	$(MAKE) cover-cmd TESTOPTS="-tags jwx_asmbase64,jwx_goccy,jwx_es256k"
+	$(MAKE) cover-cmd TESTOPTS="-tags jwx_asmbase64,jwx_goccy,jwx_es256k,jwx_secp256k1_pem"
 
 smoke-cmd:
 	env MODE=short ./tools/test.sh
@@ -67,8 +73,11 @@ smoke-goccy:
 smoke-es256k:
 	$(MAKE) smoke-cmd TESTOPTS="-tags jwx_es256k"
 
+smoke-secp256k1-pem:
+	$(MAKE) smoke-cmd TESTOPTS="-tags jwx_es256k,jwx_secp256k1_pem"
+
 smoke-alltags:
-	$(MAKE) smoke-cmd TESTOPTS="-tags jwx_goccy,jwx_es256k"
+	$(MAKE) smoke-cmd TESTOPTS="-tags jwx_goccy,jwx_es256k,jwx_secp256k1_pem"
 
 viewcover:
 	go tool cover -html=coverage.out

README.md

@@ -1,4 +1,4 @@
-# github.com/lestrrat-go/jwx/v2 ![](https://github.com/lestrrat-go/jwx/workflows/CI/badge.svg?branch=v2) [![Go Reference](https://pkg.go.dev/badge/github.com/lestrrat-go/jwx/v2.svg)](https://pkg.go.dev/github.com/lestrrat-go/jwx/v2) [![codecov.io](https://codecov.io/github/lestrrat-go/jwx/coverage.svg?branch=v2)](https://codecov.io/github/lestrrat-go/jwx?branch=v2)
+# github.com/lestrrat-go/jwx/v2 ![](https://github.com/lestrrat-go/jwx/workflows/CI/badge.svg?branch=develop/v2) [![Go Reference](https://pkg.go.dev/badge/github.com/lestrrat-go/jwx/v2.svg)](https://pkg.go.dev/github.com/lestrrat-go/jwx/v2) [![codecov.io](https://codecov.io/github/lestrrat-go/jwx/coverage.svg?branch=v2)](https://codecov.io/github/lestrrat-go/jwx?branch=v2)
 
 Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies.
 
@@ -15,7 +15,7 @@ If you are using this module in your product or your company, please add  your p
 * Opinionated, but very uniform API. Everything is symmetric, and follows a standard convention
   * jws.Parse/Verify/Sign
   * jwe.Parse/Encrypt/Decrypt
-  * Arguments are organized as explicit required paramters and optional WithXXXX() style options.
+  * Arguments are organized as explicit required parameters and optional WithXXXX() style options.
 * Extra utilities
   * `jwk.Cache` to always keep a JWKS up-to-date
   * [bazel](https://bazel.build)-ready
@@ -226,7 +226,7 @@ For either bug reports or feature requests, failing tests are even better.
 
 ## Pull Requests
 
-Please make sure to include tests that excercise the changes you made.
+Please make sure to include tests that exercise the changes you made.
 
 If you are editing auto-generated files (those files with the `_gen.go` suffix, please make sure that you do the following:
 

bench/performance/go.mod

@@ -2,4 +2,4 @@ module github.com/lestrrat-go/jwx/v2/bench/performance
 
 go 1.16
 
-require github.com/lestrrat-go/jwx/v2 v2.0.19
+require github.com/lestrrat-go/jwx/v2 v2.0.21

bench/performance/go.sum

@@ -10,12 +10,12 @@ github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N
 github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
-github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
-github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/httprc v1.0.5 h1:bsTfiH8xaKOJPrg1R+E3iE/AWZr/x0Phj9PBTG/OLUk=
+github.com/lestrrat-go/httprc v1.0.5/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
 github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
 github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx/v2 v2.0.19 h1:ekv1qEZE6BVct89QA+pRF6+4pCpfVrOnEJnTnT4RXoY=
-github.com/lestrrat-go/jwx/v2 v2.0.19/go.mod h1:l3im3coce1lL2cDeAjqmaR+Awx+X8Ih+2k8BuHNJ4CU=
+github.com/lestrrat-go/jwx/v2 v2.0.21 h1:jAPKupy4uHgrHFEdjVjNkUgoBKtVDgrQPB/h55FHrR0=
+github.com/lestrrat-go/jwx/v2 v2.0.21/go.mod h1:09mLW8zto6bWL9GbwnqAli+ArLf+5M33QLQPDggkUWM=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
@@ -26,23 +26,27 @@ github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -54,13 +58,15 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=

cmd/jwx/go.mod

@@ -3,9 +3,9 @@ module github.com/lestrrat-go/jwx/v2/cmd/jwx
 go 1.17
 
 require (
-	github.com/lestrrat-go/jwx/v2 v2.0.19
+	github.com/lestrrat-go/jwx/v2 v2.0.21
 	github.com/urfave/cli/v2 v2.26.0
-	golang.org/x/crypto v0.17.0
+	golang.org/x/crypto v0.21.0
 )
 
 require (
@@ -14,11 +14,11 @@ require (
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/httprc v1.0.4 // indirect
+	github.com/lestrrat-go/httprc v1.0.5 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 )