Bump actions/setup-go from 3 to 4 #887

dependabot · 2023-03-16T08:05:23Z

Release notes

Sourced from actions/setup-go's releases.

v4.0.0

In scope of release we enable cache by default. The action won’t throw an error if the cache can’t be restored or saved. The action will throw a warning message but it won’t stop a build process. The cache can be disabled by specifying cache: false.
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v4
    with:
      go-version: ‘1.19’
  - run: go run hello.go
Besides, we introduce such changes as

Allow to use only GOCACHE for cache

Bump json5 from 2.2.1 to 2.2.3

Use proper version for primary key in cache

Always add Go bin to the PATH

Add step warning if go-version input is empty

Add support for stable and oldstable aliases

In scope of this release we introduce aliases for the go-version input. The stable alias instals the latest stable version of Go. The oldstable alias installs previous latest minor release (the stable is 1.19.x -> the oldstable is 1.18.x).

Stable
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'stable'
  - run: go run hello.go
OldStable
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'oldstable'
  - run: go run hello.go
Add support for go.work and pass the token input through on GHES

In scope of this release we added support for go.work file to pass it in go-version-file input.
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
</tr></table> 

... (truncated)

Commits

4d34df0 Update configuration files (#348)
fdc0d67 Add Go bin if go-version input is empty (#351)
ebfdf6a add warning if go-version is empty (#350)
b27d769 fix lockfileVersion (#349)
c51a720 Enable caching by default with default input (#332)
6b848af Merge pull request #343 from akv-platform/reusable-workflow
12741cc Format update-config-files.yml
7a77a6a Merge branch 'main' into reusable-workflow
42a0cc8 Add update-config-files.yml
7406d65 Add and configure ESLint and update configuration for Prettier (#341)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

codecov · 2023-03-16T08:09:39Z

Codecov Report

❗ No coverage uploaded for pull request base (develop/v2@3f5926c). Click here to learn what that means.
The diff coverage is n/a.

@@              Coverage Diff              @@
##             develop/v2     #887   +/-   ##
=============================================
  Coverage              ?   71.55%           
=============================================
  Files                 ?       92           
  Lines                 ?    13235           
  Branches              ?        0           
=============================================
  Hits                  ?     9470           
  Misses                ?     2946           
  Partials              ?      819

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update deps * Protect jws.Verify() and jwe.Encrypt() from panic on go1.19+ (#841) * Protect jws.Verify() from panic on go1.19+ * Same problem, but in jwe * Update Changes * fix example (#843) I have a feeling we inadvertently reverted some commit * Action updates, doc tweaks (#844) * Use tparse (#845) * Use tparse * s/all/alltags/ * fix typo (#846) * fix typo (#847) * Bump kentaro-m/auto-assign-action from 1.2.0 to 1.2.4 (#848) Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.0 to 1.2.4. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](kentaro-m/auto-assign-action@v1.2.0...v1.2.4) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump codecov/codecov-action from 1 to 3 (#849) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v1...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Work with invalid JWT buffers better (#851) * Work with invalid JWT buffers better * spelling * Update Changes * typo * Tweak Changes * Update Changes * Bump github.com/goccy/go-json from 0.9.11 to 0.10.0 (#855) Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.9.11 to 0.10.0. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.9.11...v0.10.0) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/lestrrat-go/option from 1.0.0 to 1.0.1 (#858) Bumps [github.com/lestrrat-go/option](https://github.com/lestrrat-go/option) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/lestrrat-go/option/releases) - [Commits](lestrrat-go/option@v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/lestrrat-go/option dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/stale from 6 to 7 (#859) Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v6...v7) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Tweak v2 tests (#863) * Port changes from #862 * Actually report errors * fix expected result * Unbeknownst to me, benchstat seems to have changed * Update Contribution Guidelines * Fix generated header file comments (#867) The generated file header should match regexp: ^// Code generated .* DO NOT EDIT\.$ See https://golang.org/s/generatedcode. * Remove unused variables in ReadFile (#866) * Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 (#868) Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.4 to 1.2.5. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](kentaro-m/auto-assign-action@v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update tool deps (#869) * Try updating tools for genjwt * Update genjws * Update genjwe * Update genjwk * Update genjwa * Update genjwk * Updage genoptions * Update genreadfile * Fix PEM armor for EC private keys when encoding (#876) * Incorporate #875 * Test PEM roundtrip for other key types * Use more constants * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/commits/v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#873) * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Update Changes * Create codeql.yml * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877) * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](golang/crypto@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run go get and make tidy --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Add bazel support (#880) * Attempt to enable bazel * enable bazel building in smoke tests too * tweak order * Add explicit imports * Add deps.bzl * remove unused file reference * Add missing BUILD file * Add missing BUILD file * add missing BUILD.bazel files * add .bazelversion * Add aspect presets * Update Changes/README * Create an auto-merge action for dependabot (#884) * Create an auto-merge action for dependabot * approve and merge * indent * Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 (#882) * Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.0 to 0.10.1. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.0...v0.10.1) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run make tidy + bazel gazelle-update-repos --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Fix jwk cache docs (#885) * Fix example comment * Upon re-reading, this sentence does not need to exist * autodoc updates (#886) Co-authored-by: lestrrat <[email protected]> * Bump actions/setup-go from 3 to 4 (#887) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Allow "none" algorithm when signing with explicit option (#890) * Add test case for #888 * Catch the use of "none" when used in conjunction with jws.WithKey * first pass implementing (jwt/jws).Sign that allows alg="none" * regenerate jwt options * appease linter * Check for jws.Sign/Verify * OK to _sign_ using `none`, but no verification * Tweak Changes * typo (#893) * Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 (#892) * Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.1 to 0.10.2. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.1...v0.10.2) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run make tidy + bazel --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Update Changes * Bump github.com/goccy/go-json from 0.9.11 to 0.10.0 (#855) Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.9.11 to 0.10.0. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.9.11...v0.10.0) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/lestrrat-go/option from 1.0.0 to 1.0.1 (#858) Bumps [github.com/lestrrat-go/option](https://github.com/lestrrat-go/option) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/lestrrat-go/option/releases) - [Commits](lestrrat-go/option@v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/lestrrat-go/option dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/stale from 6 to 7 (#859) Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v6...v7) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Tweak v2 tests (#863) * Port changes from #862 * Actually report errors * fix expected result * Unbeknownst to me, benchstat seems to have changed * Update Contribution Guidelines * Fix generated header file comments (#867) The generated file header should match regexp: ^// Code generated .* DO NOT EDIT\.$ See https://golang.org/s/generatedcode. * Remove unused variables in ReadFile (#866) * Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 (#868) Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.4 to 1.2.5. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](kentaro-m/auto-assign-action@v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update tool deps (#869) * Try updating tools for genjwt * Update genjws * Update genjwe * Update genjwk * Update genjwa * Update genjwk * Updage genoptions * Update genreadfile * Fix PEM armor for EC private keys when encoding (#876) * Incorporate #875 * Test PEM roundtrip for other key types * Use more constants * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/commits/v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#873) * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Update Changes * Create codeql.yml * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877) * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](golang/crypto@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run go get and make tidy --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Add bazel support (#880) * Attempt to enable bazel * enable bazel building in smoke tests too * tweak order * Add explicit imports * Add deps.bzl * remove unused file reference * Add missing BUILD file * Add missing BUILD file * add missing BUILD.bazel files * add .bazelversion * Add aspect presets * Update Changes/README * Create an auto-merge action for dependabot (#884) * Create an auto-merge action for dependabot * approve and merge * indent * Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 (#882) * Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.0 to 0.10.1. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.0...v0.10.1) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run make tidy + bazel gazelle-update-repos --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Fix jwk cache docs (#885) * Fix example comment * Upon re-reading, this sentence does not need to exist * autodoc updates (#886) Co-authored-by: lestrrat <[email protected]> * Bump actions/setup-go from 3 to 4 (#887) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Allow "none" algorithm when signing with explicit option (#890) * Add test case for #888 * Catch the use of "none" when used in conjunction with jws.WithKey * first pass implementing (jwt/jws).Sign that allows alg="none" * regenerate jwt options * appease linter * Check for jws.Sign/Verify * OK to _sign_ using `none`, but no verification * Tweak Changes * typo (#893) * Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 (#892) * Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.1 to 0.10.2. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.1...v0.10.2) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run make tidy + bazel --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Update Changes --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Oleksandr Redko <[email protected]> Co-authored-by: Mitsuo Heijo <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: lestrrat <[email protected]>

* Update deps * Protect jws.Verify() and jwe.Encrypt() from panic on go1.19+ (#841) * Protect jws.Verify() from panic on go1.19+ * Same problem, but in jwe * Update Changes * fix example (#843) I have a feeling we inadvertently reverted some commit * Action updates, doc tweaks (#844) * Use tparse (#845) * Use tparse * s/all/alltags/ * fix typo (#846) * fix typo (#847) * Bump kentaro-m/auto-assign-action from 1.2.0 to 1.2.4 (#848) Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.0 to 1.2.4. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](kentaro-m/auto-assign-action@v1.2.0...v1.2.4) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump codecov/codecov-action from 1 to 3 (#849) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v1...v3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Work with invalid JWT buffers better (#851) * Work with invalid JWT buffers better * spelling * Update Changes * typo * Tweak Changes * Update Changes * Bump github.com/goccy/go-json from 0.9.11 to 0.10.0 (#855) Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.9.11 to 0.10.0. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.9.11...v0.10.0) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/lestrrat-go/option from 1.0.0 to 1.0.1 (#858) Bumps [github.com/lestrrat-go/option](https://github.com/lestrrat-go/option) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/lestrrat-go/option/releases) - [Commits](lestrrat-go/option@v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/lestrrat-go/option dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/stale from 6 to 7 (#859) Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v6...v7) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Tweak v2 tests (#863) * Port changes from #862 * Actually report errors * fix expected result * Unbeknownst to me, benchstat seems to have changed * Update Contribution Guidelines * Fix generated header file comments (#867) The generated file header should match regexp: ^// Code generated .* DO NOT EDIT\.$ See https://golang.org/s/generatedcode. * Remove unused variables in ReadFile (#866) * Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 (#868) Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.4 to 1.2.5. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](kentaro-m/auto-assign-action@v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update tool deps (#869) * Try updating tools for genjwt * Update genjws * Update genjwe * Update genjwk * Update genjwa * Update genjwk * Updage genoptions * Update genreadfile * Fix PEM armor for EC private keys when encoding (#876) * Incorporate #875 * Test PEM roundtrip for other key types * Use more constants * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/commits/v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#873) * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Update Changes * Create codeql.yml * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877) * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](golang/crypto@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run go get and make tidy --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Add bazel support (#880) * Attempt to enable bazel * enable bazel building in smoke tests too * tweak order * Add explicit imports * Add deps.bzl * remove unused file reference * Add missing BUILD file * Add missing BUILD file * add missing BUILD.bazel files * add .bazelversion * Add aspect presets * Update Changes/README * Create an auto-merge action for dependabot (#884) * Create an auto-merge action for dependabot * approve and merge * indent * Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 (#882) * Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.0 to 0.10.1. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.0...v0.10.1) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run make tidy + bazel gazelle-update-repos --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Fix jwk cache docs (#885) * Fix example comment * Upon re-reading, this sentence does not need to exist * autodoc updates (#886) Co-authored-by: lestrrat <[email protected]> * Bump actions/setup-go from 3 to 4 (#887) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Allow "none" algorithm when signing with explicit option (#890) * Add test case for #888 * Catch the use of "none" when used in conjunction with jws.WithKey * first pass implementing (jwt/jws).Sign that allows alg="none" * regenerate jwt options * appease linter * Check for jws.Sign/Verify * OK to _sign_ using `none`, but no verification * Tweak Changes * typo (#893) * Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 (#892) * Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.1 to 0.10.2. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.1...v0.10.2) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run make tidy + bazel --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Update Changes * Bump github.com/goccy/go-json from 0.9.11 to 0.10.0 (#855) Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.9.11 to 0.10.0. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.9.11...v0.10.0) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/lestrrat-go/option from 1.0.0 to 1.0.1 (#858) Bumps [github.com/lestrrat-go/option](https://github.com/lestrrat-go/option) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/lestrrat-go/option/releases) - [Commits](lestrrat-go/option@v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/lestrrat-go/option dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/stale from 6 to 7 (#859) Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v6...v7) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Tweak v2 tests (#863) * Port changes from #862 * Actually report errors * fix expected result * Unbeknownst to me, benchstat seems to have changed * Update Contribution Guidelines * Fix generated header file comments (#867) The generated file header should match regexp: ^// Code generated .* DO NOT EDIT\.$ See https://golang.org/s/generatedcode. * Remove unused variables in ReadFile (#866) * Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 (#868) Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.4 to 1.2.5. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](kentaro-m/auto-assign-action@v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update tool deps (#869) * Try updating tools for genjwt * Update genjws * Update genjwe * Update genjwk * Update genjwa * Update genjwk * Updage genoptions * Update genreadfile * Fix PEM armor for EC private keys when encoding (#876) * Incorporate #875 * Test PEM roundtrip for other key types * Use more constants * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 (#871) * Bump golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220427172511-eb4f295cb31f to 0.6.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/commits/v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#873) * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * run appropriate `go get` and `go mod tidy` all over --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Update Changes * Create codeql.yml * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#877) * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](golang/crypto@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run go get and make tidy --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Add bazel support (#880) * Attempt to enable bazel * enable bazel building in smoke tests too * tweak order * Add explicit imports * Add deps.bzl * remove unused file reference * Add missing BUILD file * Add missing BUILD file * add missing BUILD.bazel files * add .bazelversion * Add aspect presets * Update Changes/README * Create an auto-merge action for dependabot (#884) * Create an auto-merge action for dependabot * approve and merge * indent * Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 (#882) * Bump github.com/goccy/go-json from 0.10.0 to 0.10.1 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.0 to 0.10.1. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.0...v0.10.1) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run make tidy + bazel gazelle-update-repos --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Fix jwk cache docs (#885) * Fix example comment * Upon re-reading, this sentence does not need to exist * autodoc updates (#886) Co-authored-by: lestrrat <[email protected]> * Bump actions/setup-go from 3 to 4 (#887) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Allow "none" algorithm when signing with explicit option (#890) * Add test case for #888 * Catch the use of "none" when used in conjunction with jws.WithKey * first pass implementing (jwt/jws).Sign that allows alg="none" * regenerate jwt options * appease linter * Check for jws.Sign/Verify * OK to _sign_ using `none`, but no verification * Tweak Changes * typo (#893) * Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 (#892) * Bump github.com/goccy/go-json from 0.10.1 to 0.10.2 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.10.1 to 0.10.2. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.1...v0.10.2) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run make tidy + bazel --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Update Changes * Bump actions/stale from 7 to 8 (#895) Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v7...v8) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * tweak labels for dependabot (#899) * Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#897) * Bump golang.org/x/crypto from 0.7.0 to 0.8.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](golang/crypto@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Run bazel //:gazelle-update-repos --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Fix typo in "jwt.WithAudience" comment (#908) * Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.1.0 to 4.2.0 (#907) * Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.1.0 to 4.2.0 Bumps [github.com/decred/dcrd/dcrec/secp256k1/v4](https://github.com/decred/dcrd) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/decred/dcrd/releases) - [Changelog](https://github.com/decred/dcrd/blob/master/CHANGES) - [Commits](decred/dcrd@blockchain/v4.1.0...dcrec/secp256k1/v4.2.0) --- updated-dependencies: - dependency-name: github.com/decred/dcrd/dcrec/secp256k1/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run make tidy + bazel run //:gazelle-update-repos --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Precompute RSA key values so that tests succeed (#913) * Use a symmetric key for example purposes (#914) * autodoc updates (#915) Co-authored-by: lestrrat <[email protected]> * Hook in jwa.RegisterXXX functions with jws.Register(Signer|Verifier) (#911) * First pass at connecting jws.Register(Signer|Verifier) with jwa.RegisterXXX * Tweak CI * Tweak docs * fix docs * protect access to signer/verifierDB * Update Changes * Allow use of segmentio/asm/base64 (#916) * Enable segmentio/asm/base64 and some internal API for pluggable base64 * Enable asmbase64 in CI * Add missing commands * Update bazel repos * Mention jwx_asmbase64 (#917) * Update README.md (#918) Fixed typo: convetion -> convention * use proper function name (#921) * Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#919) * Bump golang.org/x/crypto from 0.8.0 to 0.9.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](golang/crypto@v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * run gaelle-update-repos --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 in /examples (#923) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.1.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#927) * Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Run gazelle-update-repos --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Implement jwk.SetGlobalFetcher (#929) * Implement SetGlobalFetcher * Avoid using atomic.Bool so that it works on older Gos * Appease GitHub code scanner * Bad ineffectual assignment * tweak docs * oops, wrong issue number * Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#931) * Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.3...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update bazel repos * use specific tparse * change minimum go version in smoke tet --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <[email protected]> * Implement jwe.KeyEncrypter and jwe.KeyDecrypter (#925) * Implement jwe.KeyEncrypter and jwe.KeyDecrypter This allows users to specify a key who can encrypt/decrypt by itself, much like the built-in crypto.Signer interface. * Add experimental label to this feature * Update Changes --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Oleksandr Redko <[email protected]> Co-authored-by: Mitsuo Heijo <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: lestrrat <[email protected]> Co-authored-by: Alessandro (Ale) Segala <[email protected]> Co-authored-by: wscalf <[email protected]>

dependabot bot added dependabot Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 16, 2023

lestrrat merged commit b44401e into develop/v2 Mar 18, 2023

lestrrat deleted the dependabot/github_actions/develop/v2/actions/setup-go-4 branch March 18, 2023 07:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump actions/setup-go from 3 to 4 #887

Bump actions/setup-go from 3 to 4 #887

dependabot bot commented on behalf of github Mar 16, 2023

codecov bot commented Mar 16, 2023

Bump actions/setup-go from 3 to 4 #887

Bump actions/setup-go from 3 to 4 #887

Conversation

dependabot bot commented on behalf of github Mar 16, 2023

v4.0.0

Add support for stable and oldstable aliases

Stable

OldStable

Add support for go.work and pass the token input through on GHES

codecov bot commented Mar 16, 2023

Codecov Report