-
-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 #2447
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/git.luolix.top-golang-jwt-jwt-v4-5.x
branch
from
September 12, 2023 08:01
f4e2079
to
e6b6cf2
Compare
pat-s
approved these changes
Sep 12, 2023
Closed
Closed
Closed
This was referenced Nov 5, 2023
Closed
Closed
Closed
Closed
Merged
6543
pushed a commit
that referenced
this pull request
Nov 23, 2023
This PR was opened by the [ready-release-go](https://github.com/woodpecker-ci/plugin-ready-release-go) plugin. When you're ready to do a release, you can merge this pull-request and a new release with version `2.0.0` will be created automatically. If you're not ready to do a release yet, that's fine, whenever you add more changes to `main` this pull-request will be updated. ## Options - [ ] Mark this version as a release candidate ## [2.0.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.0.0) - 2023-11-23 ### 💥 Breaking changes - Rename `link` to `url` [[#2812](#2812)] - Revert to singular CLI args [[#2820](#2820)] - Use int64 for IDs in woodpecker client lib [[#2703](#2703)] - Woodpecker-go: Use Feed instead of Activity [[#2690](#2690)] - Do not sanitzie secrets with 3 or less chars [[#2680](#2680)] - fix(deps): update docker to v24 [[#2675](#2675)] - Remove `WOODPECKER_DOCS` config [[#2647](#2647)] - Remove plugin-only option from secrets [[#2213](#2213)] - Remove deprecated API paths [[#2639](#2639)] - Remove SSH backend [[#2635](#2635)] - Remove deprecated `build` command [[#2602](#2602)] - Deprecate "platform" filter in favour of "labels" [[#2181](#2181)] - Remove useless "sync" option from RepoListOpts from the client lib [[#2090](#2090)] - Drop deprecated built-in environment variables [[#2048](#2048)] ### 🔒 Security - Never log tokens [[#2466](#2466)] - Check permissions on repo lookup [[#2357](#2357)] - Change token logging to trace level [[#2247](#2247)] - Validate webhook before changing any data [[#2221](#2221)] ### ✨ Features - Add version and update notes [[#2722](#2722)] - Add repos list for admins [[#2347](#2347)] - Add org list [[#2338](#2338)] - Add option to configure tolerations in kubernetes backend [[#2249](#2249)] - Support user secrets [[#2126](#2126)] - Add opt save global log output to file [[#2115](#2115)] - Support bitbucket Dir() and support multi-workflows [[#2045](#2045)] - Add ping command to server to allow container healthchecks [[#2030](#2030)] ### 📚 Documentation - Add 2.0.0 post [[#2864](#2864)] - Add extend env plugin [[#2847](#2847)] - mark v1.0.x as unmaintained [[#2818](#2818)] - Update docs npm deps non-major [[#2799](#2799)] - Add docs about Gitea on same host and update docker-compose example [[#2752](#2752)] - Update docusaurus plugin [[#2804](#2804)] - Mark kubernetes backend as fully supported [[#2756](#2756)] - Update docusaurus to v3 [[#2732](#2732)] - Fix the wrong link to the cron job document [[#2740](#2740)] - Improve secrets documentation [[#2707](#2707)] - Add woodpecker-lint tool [[#2648](#2648)] - Add autoscaler docs [[#2631](#2631)] - Rework setup docs [[#2630](#2630)] - doc: improve prometheus docs [[#2617](#2617)] - docs add nixos install instructions [[#2616](#2616)] - Add prettier plugin [[#2621](#2621)] - [doc] improve documentation WOODPECKER_SESSION_EXPIRES [[#2603](#2603)] - Update documentation WRT to recent `$platform` changes [[#2531](#2531)] - Add plugin "GitHub release" [[#2592](#2592)] - Cleanup docs [[#2478](#2478)] - Add plugin "Release helper" [[#2584](#2584)] - Add plugin "Gitea Create Pull Request" to plugin index [[#2581](#2581)] - Adjust github scopes and clarify documentation. [[#2578](#2578)] - Remove redundant definition of webhook form docs [[#2561](#2561)] - Add notes about CRI-O specific config [[#2546](#2546)] - Fix incorrect yaml syntax for `ref` in docs [[#2518](#2518)] - Local image documentation [[#2521](#2521)] - Adds bitbucket tag support in docs [[#2536](#2536)] - Fix docs duplicate WOODPECKER_HOST assignment [[#2501](#2501)] - Update github auth install [[#2499](#2499)] - Update GH app installation instructions [[#2472](#2472)] - Add videos [[#2465](#2465)] - docs: missing info for runs_on [[#2457](#2457)] - Add hint about alternative pipeline skip syntax [[#2443](#2443)] - Fix typo in GitLab docs [[#2376](#2376)] - clarify setup with gitlab with RFC1918 nets and non standard TLDs [[#2363](#2363)] - Clarify env var `CI` in docs [[#2349](#2349)] - docs: yaml cheatsheet for advanced syntax [[#2329](#2329)] - Improve explanation for globs in when:path [[#2252](#2252)] - Fix usage description for backend-http-proxy flag [[#2250](#2250)] - Restructure k8s documentation [[#2193](#2193)] - Update list of "projects using Woodpecker" [[#2196](#2196)] - Update 92-awesome.md [[#2195](#2195)] - Better blog title/desc [[#2182](#2182)] - Fix version in FAQ [[#2101](#2101)] - Add blog posts/tutorials [[#2095](#2095)] - update version docs about versioning [[#2086](#2086)] - Fix client example [[#2085](#2085)] - Update docs deps to address cves [[#2080](#2080)] - fix: global registry docs [[#2070](#2070)] - Improve bitbucket docs [[#2066](#2066)] - update docs about versioning [[#2043](#2043)] - Set v1.0 documents as default and mark v0.15 as unmaintained [[#2034](#2034)] ### 📈 Enhancement - Cleanup plugins index [[#2856](#2856)] - Bump default clone image version to 2.4.0 [[#2852](#2852)] - Signal to clients the hook and event routes where removed [[#2826](#2826)] - Replace `interface{}` with `any` [[#2807](#2807)] - Fix repo owner filter [[#2808](#2808)] - Sort agents list by ID [[#2795](#2795)] - Fix css loading order in head [[#2785](#2785)] - Fix error color contrast in dark theme [[#2778](#2778)] - Replace linter icons to match theme [[#2765](#2765)] - Switch to go vanity urls [[#2706](#2706)] - Add workflow version [[#2476](#2476)] - UI enhancements/fixes [[#2754](#2754)] - Fail on missing secrets [[#2749](#2749)] - Add deprecation warnings [[#2725](#2725)] - Enhance linter and errors [[#1572](#1572)] - Option to change temp dir for local backend [[#2702](#2702)] - Revert breaking pipeline changes [[#2677](#2677)] - Add ports into pipeline backend step model [[#2656](#2656)] - Unregister stateless agents from server on termination [[#2606](#2606)] - Let the backend engine report the current platform [[#2688](#2688)] - Showing the pending pipelines on top [[#1488](#1488)] - Print local backend command logs [[#2678](#2678)] - Report problems with listening to ports and exit [[#2102](#2102)] - Use path.Join for server side path generation [[#2689](#2689)] - Refactor UI dark/bright mode [[#2590](#2590)] - Stop steps after they are done [[#2681](#2681)] - Fix where syntax [[#2676](#2676)] - Add "Repair all" button [[#2642](#2642)] - Use pagination utils [[#2633](#2633)] - Dynamic forge request size [[#2622](#2622)] - Update to docker 23 [[#2577](#2577)] - Refactor/simplify pubsub [[#2554](#2554)] - Refactor pipeline parsing and forge refreshing [[#2527](#2527)] - Fix gitlab hooks and simplify config extension [[#2537](#2537)] - Set home variable in local backend for windows [[#2323](#2323)] - Some cleanups about host config [[#2490](#2490)] - Fix usage of WOODPECKER_ROOT_PATH [[#2485](#2485)] - Some UI enhancement [[#2468](#2468)] - Harmonize pipeline status information and add a review link to the approval [[#2345](#2345)] - Add Renovate [[#2360](#2360)] - Add option to render button as link [[#2378](#2378)] - Close sidebar on outside clicks [[#2325](#2325)] - Add release helper [[#1976](#1976)] - Use API error helpers and improve response codes [[#2366](#2366)] - Import packages only once [[#2362](#2362)] - Execute `make generate` with new versions [[#2365](#2365)] - Only show commit title [[#2361](#2361)] - Truncate commit message in pipeline log view header [[#2356](#2356)] - Increase header padding again [[#2348](#2348)] - Use full width header on pipeline view and show repo name [[#2327](#2327)] - Use html list for changed files list [[#2346](#2346)] - Show that repo is disabled [[#2340](#2340)] - Add spacing to pipeline feed spinner [[#2326](#2326)] - Autodetect host platform in Makefile [[#2322](#2322)] - Add "plugin" support to local backend [[#2239](#2239)] - Rename grpc pipeline to workflow [[#2173](#2173)] - Pass netrc data to external config service request [[#2310](#2310)] - Create settings-panel vue component and use InputFields [[#2177](#2177)] - Use browser-native tooltips [[#2189](#2189)] - Improve agent rpc retry logic with exponential backoff [[#2205](#2205)] - Skip settings proxy config with WithProxy if its empty [[#2242](#2242)] - Move hook and events-stream routes to use `/api` prefix [[#2212](#2212)] - Add SSH clone URL env var [[#2198](#2198)] - Small improvements to mobile interface [[#2202](#2202)] - Switch to upstream ttlcache [[#2187](#2187)] - Convert EqualStringSlice to generic EqualSliceValues [[#2179](#2179)] - Pass netrc to trusted clone images [[#2163](#2163)] - Use Vue setup directive [[#2165](#2165)] - Release file lock on USR1 signal [[#2151](#2151)] - Use min/max width for pipeline step list [[#2141](#2141)] - Add header to pipeline log and always show buttons [[#2140](#2140)] - Use fix width for pipeline step list [[#2138](#2138)] - Make sure we dont have hidden options for backend and pipeline compiler [[#2123](#2123)] - Enhance local backend [[#2017](#2017)] - Don't show badge without information [[#2130](#2130)] - CLI repo sync: Show `forge-remote-id` [[#2103](#2103)] - Lazy-load TimeAgo locales [[#2094](#2094)] - Improve user settings [[#2087](#2087)] - Allow to disable swagger [[#2093](#2093)] - Use consistent woodpecker color scheme [[#2003](#2003)] - Change master to main [[#2044](#2044)] - Remove default branch fallbacks [[#2065](#2065)] - Remove fallback check for old sqlite file location [[#2046](#2046)] - Include the function name in generic datastore errors [[#2041](#2041)] ### 🐛 Bug Fixes - Fix plugin URLs [[#2850](#2850)] - Fix env vars and add UI url [[#2811](#2811)] - Fix paths for version check [[#2816](#2816)] - Add `privileged` schema definition [[#2777](#2777)] - Use unique label selector for pod label for kubernetes services [[#2723](#2723)] - Some UI fixes [[#2698](#2698)] - Fix active tab not updating on prop change [[#2712](#2712)] - Unique status for matrix [[#2695](#2695)] - Fix secret image filter regex [[#2674](#2674)] - local backend ignore errors in commands inbetween [[#2636](#2636)] - Do not print log level on CLI [[#2638](#2638)] - Fix error when closing logs [[#2637](#2637)] - Fix `CI_WORKSPACE` in local backend [[#2627](#2627)] - Some mobile UI fixes [[#2624](#2624)] - Fix secret priority [[#2599](#2599)] - UI cleanups and improvements [[#2548](#2548)] - Fix PR event trigger and list for bitbucket repos [[#2539](#2539)] - Fix ccmenu endpoint [[#2543](#2543)] - Trim last "/" from WOODPECKER_HOST config [[#2538](#2538)] - Use correct mime type when no content is sent [[#2515](#2515)] - Fix bitbucket branches pagination. [[#2509](#2509)] - fix: change config.config_data column type to longblob in mysql [[#2434](#2434)] - Fix: change tasks.task_data column type to longblob in mysql [[#2418](#2418)] - Do not list archived repos for all forges [[#2374](#2374)] - fix(server/api/repo): Fix repair webhook host [[#2372](#2372)] - Delete repos/secrets on org deletion [[#2367](#2367)] - Fix org fetching [[#2343](#2343)] - Show correct event in pipeline step list [[#2334](#2334)] - Add min height to mobile pipeline view and fix overflow [[#2335](#2335)] - Fix grid column size in pipeline log view [[#2336](#2336)] - Fix mobile login view [[#2332](#2332)] - Fix button loading spinner when activating repos [[#2333](#2333)] - make WOODPECKER_MIGRATIONS_ALLOW_LONG have an actuall effect [[#2251](#2251)] - Docker build dont ignore ci env vars [[#2238](#2238)] - Handle parsed hooks that should be ignored [[#2243](#2243)] - Set correct version for release branch releases [[#2227](#2227)] - Bump default git clone plugin [[#2215](#2215)] - Show all steps [[#2190](#2190)] - Fix pipeline config collapsing [[#2166](#2166)] - Fix 'add-orgs' migration [[#2117](#2117)] - docs: Environment Variable Seems to be `DOCKER_HOST`, not `DOCKER_SOCK` [[#2122](#2122)] - Fix swagger response code [[#2119](#2119)] - Forge Github Org: Use `login` instead of `name` [[#2104](#2104)] - client.go: Fix RepoPost path [[#2091](#2091)] - Fix alt text contrast in code boxes [[#2089](#2089)] - Fix WOODPECKER_GRPC_VERIFY being ignored [[#2077](#2077)] - Handle case where there is no latest pipeline for GetBadge [[#2042](#2042)] ### Misc - Update release-helper [[#2863](#2863)] - Add repo owner test [[#2857](#2857)] - Update woodpeckerci/plugin-ready-release-go Docker tag to v1.0.2 [[#2853](#2853)] - Update golang (packages) [[#2839](#2839)] - Update dependency vite to v5 [[#2836](#2836)] - Lock file maintenance [[#2840](#2840)] - Update postgres Docker tag to v16.1 [[#2842](#2842)] - Update docker.io/golang Docker tag to v1.21.4 [[#2828](#2828)] - Update docker.io/techknowlogick/xgo Docker tag to go-1.21.4 [[#2829](#2829)] - Update golang (packages) [[#2815](#2815)] - Update dependency marked to v10 [[#2810](#2810)] - Update release-helper [[#2801](#2801)] - Remove go versions from .golangci.yml [[#2775](#2775)] - [pre-commit.ci] pre-commit autoupdate [[#2767](#2767)] - Lock file maintenance [[#2755](#2755)] - Update golang (packages) [[#2742](#2742)] - Update woodpeckerci/plugin-ready-release-go Docker tag to v0.7.0 [[#2728](#2728)] - Add grafana dashobard to awesome [[#2710](#2710)] - Pin alpine versions in Dockerfile [[#2649](#2649)] - Use full qualifyer for images [[#2692](#2692)] - chore(deps): lock file maintenance [[#2673](#2673)] - fix(deps): update golang (packages) [[#2671](#2671)] - Use `pre-commit` [[#2650](#2650)] - fix(deps): update dependency fuse.js to v7 [[#2666](#2666)] - chore(deps): update dependency @types/node to v20 [[#2664](#2664)] - chore(deps): update woodpeckerci/plugin-docker-buildx docker tag to v2.2.0 [[#2663](#2663)] - chore(deps): update mysql docker tag to v8.2.0 [[#2662](#2662)] - Add some tests [[#2652](#2652)] - chore(deps): update docs npm deps non-major [[#2660](#2660)] - chore(deps): update web npm deps non-major [[#2661](#2661)] - Fix codecov plugin version [[#2643](#2643)] - Add prettier [[#2600](#2600)] - Do not run docker prepare steps [[#2626](#2626)] - Fix docker workflow and only run if needed [[#2625](#2625)] - fix(deps): update golang (packages) [[#2614](#2614)] - chore(deps): lock file maintenance [[#2620](#2620)] - chore(deps): update codeberg.org/woodpecker-plugins/trivy docker tag to v1.0.1 [[#2618](#2618)] - chore(deps): update node.js to v21 [[#2615](#2615)] - Only publish PR images when label is set [[#2608](#2608)] - chore(deps): lock file maintenance [[#2595](#2595)] - chore(deps): update postgres docker tag to v16 [[#2588](#2588)] - Update renovate schedule & use central config repo [[#2597](#2597)] - chore(deps): update woodpeckerci/plugin-surge-preview docker tag to v1.2.2 [[#2593](#2593)] - Update README badge link [[#2596](#2596)] - fix(deps): update golang (packages) to v23.0.7+incompatible [[#2586](#2586)] - Fix missing web dist [[#2580](#2580)] - Run tests on `main` branch [[#2576](#2576)] - fix(deps): update module github.com/google/go-github/v55 to v56 [[#2573](#2573)] - Add plugin "NixOS Remote Builder" to plugin index [[#2571](#2571)] - Fix renovate [[#2569](#2569)] - renovate: add `golang` group [[#2567](#2567)] - chore(deps): update golang docker tag to v1.21.3 [[#2564](#2564)] - chore(deps): update techknowlogick/xgo docker tag to go-1.21.3 [[#2565](#2565)] - fix(deps): update golang deps non-major [[#2566](#2566)] - chore(deps): update mstruebing/editorconfig-checker docker tag to v2.7.2 [[#2563](#2563)] - Bump to mysql 8 [[#2559](#2559)] - fix(deps): update module github.com/xanzy/go-gitlab to v0.93.1 [[#2560](#2560)] - Require Go 1.21 [[#2553](#2553)] - chore(deps): update techknowlogick/xgo docker tag to go-1.21.2 [[#2523](#2523)] - Update issue config [[#2353](#2353)] - Add test for handling pipeline error [[#2547](#2547)] - chore(deps): update golang docker tag to v1.21.2 [[#2532](#2532)] - fix(deps): update golang.org/x/exp digest to 7918f67 [[#2535](#2535)] - fix(deps): update golang deps non-major [[#2533](#2533)] - fix(deps): update golang.org/x/exp digest to 3e424a5 [[#2530](#2530)] - Use golangci-lint to lint zerolog [[#2524](#2524)] - Renovate config updates [[#2519](#2519)] - fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible [[#2517](#2517)] - fix(deps): update module github.com/melbahja/goph to v1.4.0 [[#2513](#2513)] - fix(deps): update golang deps non-major [[#2500](#2500)] - chore(deps): lock file maintenance [[#2497](#2497)] - Fix broken link to 3rd party plugin library [[#2494](#2494)] - fix(deps): update golang deps non-major [[#2486](#2486)] - chore(deps): lock file maintenance [[#2469](#2469)] - Add devx lable to compose file PRs [[#2467](#2467)] - chore(deps): update postgres docker tag to v16 [[#2463](#2463)] - Update gitea sdk [[#2464](#2464)] - fix(deps): update golang deps non-major [[#2462](#2462)] - fix(deps): update dependency ansi_up to v6 [[#2431](#2431)] - chore(deps): update web npm deps non-major [[#2461](#2461)] - fix(deps): update module github.com/tevino/abool to v2 [[#2460](#2460)] - fix(deps): update module github.com/google/go-github/v39 to v55 [[#2456](#2456)] - fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 [[#2449](#2449)] - fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 [[#2447](#2447)] - chore(deps): update node.js to v20 [[#2422](#2422)] - Add renovate package rule to apply build label [[#2440](#2440)] - fix(deps): update dependency prism-react-renderer to v2 [[#2436](#2436)] - fix(deps): update dependency node-emoji to v2 [[#2435](#2435)] - Add renovate package rule to apply dependencies label [[#2438](#2438)] - fix(deps): update golang deps non-major [[#2437](#2437)] - chore(deps): update postgres docker tag to v15 [[#2423](#2423)] - fix(deps): update dependency esbuild-loader to v4 [[#2433](#2433)] - fix(deps): update dependency clsx to v2 [[#2432](#2432)] - fix(deps): update dependency @vueuse/core to v10 [[#2430](#2430)] - fix(deps): update dependency @svgr/webpack to v8 [[#2429](#2429)] - fix(deps): update dependency @kyvg/vue3-notification to v3 [[#2427](#2427)] - fix(deps): update dependency @intlify/unplugin-vue-i18n to v1 [[#2426](#2426)] - chore(deps): update typescript-eslint monorepo to v6 (major) [[#2425](#2425)] - chore(deps): update react monorepo to v18 (major) [[#2424](#2424)] - chore(deps): update dependency prettier to v3 [[#2420](#2420)] - chore(deps): update dependency eslint-config-prettier to v9 [[#2415](#2415)] - chore(deps): update dependency @tsconfig/docusaurus to v2 [[#2410](#2410)] - chore(deps): update dependency typescript to v5 [[#2421](#2421)] - chore(deps): update dependency concurrently to v8 [[#2414](#2414)] - Add renovate deps groups [[#2417](#2417)] - fix(deps): update module xorm.io/xorm to v1.3.3 [[#2393](#2393)] - chore(deps): update dependency marked to v9 [[#2419](#2419)] - chore(deps): update dependency @types/marked to v5 [[#2411](#2411)] - fix(deps): update module github.com/rs/zerolog to v1.30.0 [[#2404](#2404)] - fix(deps): update module github.com/jellydator/ttlcache/v3 to v3.1.0 [[#2402](#2402)] - fix(deps): update module github.com/xanzy/go-gitlab to v0.91.1 [[#2405](#2405)] - fix(deps): update module github.com/antonmedv/expr to v1.15.1 [[#2400](#2400)] - chore(deps): update dependency axios to v1 [[#2413](#2413)] - fix(deps): update module github.com/prometheus/client_golang to v1.16.0 [[#2403](#2403)] - fix(deps): update module github.com/urfave/cli/v2 to v2.25.7 [[#2391](#2391)] - fix(deps): update module google.golang.org/protobuf to v1.31.0 [[#2409](#2409)] - fix(deps): update kubernetes packages to v0.28.1 [[#2399](#2399)] - fix(deps): update module github.com/swaggo/swag to v1.16.2 [[#2390](#2390)] - fix(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.36.0 [[#2406](#2406)] - fix(deps): update module github.com/stretchr/testify to v1.8.4 [[#2389](#2389)] - fix(deps): update module github.com/caddyserver/certmagic to v0.19.2 [[#2401](#2401)] - chore(deps): update postgres docker tag to v12.16 [[#2397](#2397)] - fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.17 [[#2387](#2387)] - fix(deps): update module github.com/google/uuid to v1.3.1 [[#2386](#2386)] - chore(deps): update dependency unplugin-vue-components to ^0.25.0 [[#2395](#2395)] - fix(deps): update dependency @intlify/unplugin-vue-i18n to ^0.13.0 [[#2398](#2398)] - chore(deps): update dependency unplugin-icons to ^0.17.0 [[#2394](#2394)] - chore(deps): update golang docker tag [[#2396](#2396)] - fix(deps): update module github.com/moby/moby to v20.10.25+incompatible [[#2388](#2388)] - fix(deps): update module github.com/docker/docker to v20.10.25+incompatible [[#2385](#2385)] - fix(deps): update module github.com/docker/cli to v20.10.25+incompatible [[#2384](#2384)] - fix(deps): update module github.com/alessio/shellescape to v1.4.2 [[#2381](#2381)] - fix(deps): update golang.org/x/exp digest to 9212866 [[#2380](#2380)] - Check for correct license header [[#2137](#2137)] - Add TestCompilerCompile [[#2183](#2183)] - Fix `docs` workflow [[#2128](#2128)] - Add some tests for bitbucket forge [[#2097](#2097)] - Publish releases and branch tags to quay.io too [[#2069](#2069)]
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v4.5.0
->v5.0.0
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes
golang-jwt/jwt (github.com/golang-jwt/jwt/v4)
v5.0.0
Compare Source
🚀 New Major Version
v5
🚀It's finally here, the release you have been waiting for! We don't take breaking changes lightly, but the changes outlined below were necessary to address some of the challenges of the previous API. A big thanks for @mfridman for all the reviews, all contributors for their commits and of course @dgrijalva for the original code. I hope we kept some of the spirit of your original
v4
branch alive in the approach we have taken here.~@oxisto, on behalf of @golang-jwt/maintainers
Version
v5
contains a major rework of core functionalities in thejwt-go
library. This includes support for several validation options as well as a re-design of theClaims
interface. Lastly, we reworked how errors work under the hood, which should provide a better overall developer experience.Starting from v5.0.0, the import path will be:
For most users, changing the import path should suffice. However, since we intentionally changed and cleaned some of the public API, existing programs might need to be updated. The following sections describe significant changes and corresponding updates for existing programs.
Parsing and Validation Options
Under the hood, a new
validator
struct takes care of validating the claims. A long awaited feature has been the option to fine-tune the validation of tokens. This is now possible with severalParserOption
functions that can be appended to mostParse
functions, such asParseWithClaims
. The most important options and changes are:WithLeeway
to support specifying the leeway that is allowed when validating time-based claims, such asexp
ornbf
.iat
claim. Usage of this claim is OPTIONAL according to the JWT RFC. The claim itself is also purely informational according to the RFC, so a strict validation failure is not recommended. If you want to check for sensible values in these claims, please use theWithIssuedAt
parser option.WithAudience
,WithSubject
andWithIssuer
to support checking for expectedaud
,sub
andiss
.WithStrictDecoding
andWithPaddingAllowed
options to allow previously global settings to enable base64 strict encoding and the parsing of base64 strings with padding. The latter is strictly speaking against the standard, but unfortunately some of the major identity providers issue some of these incorrect tokens. Both options are disabled by default.Changes to the
Claims
interfaceComplete Restructuring
Previously, the claims interface was satisfied with an implementation of a
Valid() error
function. This had several issues:Since all the validation functionality is now extracted into the validator, all
VerifyXXX
andValid
functions have been removed from theClaims
interface. Instead, the interface now represents a list of getters to retrieve values with a specific meaning. This allows us to completely decouple the validation logic with the underlying storage representation of the claim, which could be a struct, a map or even something stored in a database.Supported Claim Types and Removal of
StandardClaims
The two standard claim types supported by this library,
MapClaims
andRegisteredClaims
both implement the necessary functions of this interface. The oldStandardClaims
struct, which has already been deprecated inv4
is now removed.Users using custom claims, in most cases, will not experience any changes in the behavior as long as they embedded
RegisteredClaims
. If they created a new claim type from scratch, they now need to implemented the proper getter functions.Migrating Application Specific Logic of the old
Valid
Previously, users could override the
Valid
method in a custom claim, for example to extend the validation with application-specific claims. However, this was always very dangerous, since once could easily disable the standard validation and signature checking.In order to avoid that, while still supporting the use-case, a new
ClaimsValidator
interface has been introduced. This interface consists of theValidate() error
function. If the validator sees, that aClaims
struct implements this interface, the errors returned to theValidate
function will be appended to the regular standard validation. It is not possible to disable the standard validation anymore (even only by accident).Usage examples can be found in example_test.go, to build claims structs like the following.
Changes to the
Token
andParser
structThe previously global functions
DecodeSegment
andEncodeSegment
were moved to theParser
andToken
struct respectively. This will allow us in the future to configure the behavior of these two based on options supplied on the parser or the token (creation). This also removes two previously global variables and moves them to parser optionsWithStrictDecoding
andWithPaddingAllowed
.In order to do that, we had to adjust the way signing methods work. Previously they were given a base64 encoded signature in
Verify
and were expected to return a base64 encoded version of the signature inSign
, both as astring
. However, this made it necessary to haveDecodeSegment
andEncodeSegment
global and was a less than perfect design because we were repeating encoding/decoding steps for all signing methods. Now,Sign
andVerify
operate on a decoded signature as a[]byte
, which feels more natural for a cryptographic operation anyway. Lastly,Parse
andSignedString
take care of the final encoding/decoding part.In addition to that, we also changed the
Signature
field onToken
from astring
to[]byte
and this is also now populated with the decoded form. This is also more consistent, because the other parts of the JWT, mainlyHeader
andClaims
were already stored in decoded form inToken
. Only the signature was stored in base64 encoded form, which was redundant with the information in theRaw
field, which contains the complete token as base64.Most (if not all) of these changes should not impact the normal usage of this library. Only users directly accessing the
Signature
field as well as developers of custom signing methods should be affected.What's Changed
StandardClaims
in favor ofRegisteredClaims
by @oxisto in #235v5
Pre-Release by @oxisto in https://github.com/golang-jwt/jwt/pull/234DecodeSegement
toParser
by @oxisto in https://github.com/golang-jwt/jwt/pull/278Verify
&Sign
to detail why string is not an advisable input for key by @dillonstreator in https://github.com/golang-jwt/jwt/pull/249v5
release by @oxisto in https://github.com/golang-jwt/jwt/pull/291New Contributors
Full Changelog: golang-jwt/jwt@v4.5.0...v5.0.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.