Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add jwe.WithCEK #1011

Merged
merged 7 commits into from
Nov 15, 2023
Merged

Add jwe.WithCEK #1011

merged 7 commits into from
Nov 15, 2023

Conversation

lestrrat
Copy link
Collaborator

No description provided.

@github-actions GitHub Actions
Copy link
Contributor

This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 14 days.

@github-actions github-actions bot added the Stale label Nov 14, 2023
@lestrrat lestrrat removed the Stale label Nov 15, 2023
@codecov Codecov
Copy link

codecov bot commented Nov 15, 2023
edited
Loading

Codecov Report

Attention: 3 lines in your changes are missing coverage. Please review.

Comparison is base (0a15b4d) 72.00% compared to head (070cb80) 72.05%.
Report is 1 commits behind head on develop/v2.

Files Patch % Lines
jwe/jwe.go 85.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@              Coverage Diff               @@
##           develop/v2    #1011      +/-   ##
==============================================
+ Coverage       72.00%   72.05%   +0.05%     
==============================================
  Files              93       89       -4     
  Lines           13795    13788       -7     
==============================================
+ Hits             9933     9935       +2     
+ Misses           3044     3035       -9     
  Partials          818      818

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@lestrrat lestrrat marked this pull request as ready for review November 15, 2023 05:59
@lestrrat
Copy link
Collaborator Author

Although the original poster has not responded, I think this is not a problematic addition, as long as using the static CEK can't be sneaked in by mistake. so I'll merge it

@lestrrat lestrrat merged commit ea2c632 into develop/v2 Nov 15, 2023
@lestrrat lestrrat deleted the gh-1001 branch November 15, 2023 06:00
lestrrat added a commit that referenced this pull request Nov 20, 2023
@lestrrat @dependabot @sding3
v2.0.17 (#1019)
c02af3e 
* Bump golang.org/x/crypto from 0.14.0 to 0.15.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0.
- [Commits](golang/crypto@v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run gazelle-update-repos

* Add jwe.WithCEK (#1011)

* Add jwe.WithCEK

* Allow using a static CEK via EncryptStatic

* appease linter

* Update go.sum

* Docs

* Update generated options

* Add test

* clarify when jwk.Set.RemoveKey can return error (#1015)

* Remove signer instance upon call to jws.UnregisterSigner (#1017)

* Delete signer instance upon call to jws.UnregisterSigner

* Update Changes

* Tweak documentation (#1018)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shang Jian Ding <sding3@ncsu.edu>
lestrrat added a commit that referenced this pull request Dec 3, 2023
@lestrrat @dependabot @sding3
v2.0.18 (#1022)
e75b7c8 
* Bump golang.org/x/crypto from 0.14.0 to 0.15.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0.
- [Commits](golang/crypto@v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run gazelle-update-repos

* Add jwe.WithCEK (#1011)

* Add jwe.WithCEK

* Allow using a static CEK via EncryptStatic

* appease linter

* Update go.sum

* Docs

* Update generated options

* Add test

* clarify when jwk.Set.RemoveKey can return error (#1015)

* Remove signer instance upon call to jws.UnregisterSigner (#1017)

* Delete signer instance upon call to jws.UnregisterSigner

* Update Changes

* Tweak documentation (#1018)

* Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#1020)

* Bump golang.org/x/crypto from 0.15.0 to 0.16.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0.
- [Commits](golang/crypto@v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run bazel and tidy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

* Merge pull request from GHSA-7f9x-gw85-8grf

* Update Changes

* Appease linter

* fix deps.bzl

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shang Jian Ding <sding3@ncsu.edu>
lestrrat added a commit that referenced this pull request Jan 9, 2024
@lestrrat @dependabot
@sding3 @frestr
v2.0.19 (#1051)
d69a721 
* Bump golang.org/x/crypto from 0.14.0 to 0.15.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0.
- [Commits](golang/crypto@v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run gazelle-update-repos

* Add jwe.WithCEK (#1011)

* Add jwe.WithCEK

* Allow using a static CEK via EncryptStatic

* appease linter

* Update go.sum

* Docs

* Update generated options

* Add test

* clarify when jwk.Set.RemoveKey can return error (#1015)

* Remove signer instance upon call to jws.UnregisterSigner (#1017)

* Delete signer instance upon call to jws.UnregisterSigner

* Update Changes

* Tweak documentation (#1018)

* Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#1020)

* Bump golang.org/x/crypto from 0.15.0 to 0.16.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0.
- [Commits](golang/crypto@v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run bazel and tidy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com>

* Merge pull request from GHSA-7f9x-gw85-8grf

* Update Changes

* Appease linter

* fix deps.bzl

* Bump actions/setup-go from 4 to 5 (#1027)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/stale from 8 to 9 (#1029)

Bumps [actions/stale](https://github.com/actions/stale) from 8 to 9.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v8...v9)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Merge #1044 (#1045)

* update all dependencies 12/19/2023

* Run gazelle-update-repos

---------

Co-authored-by: Nathan Lacey <nlacey@novetta.com>

* Update go version in go.mod to go1.18, which matches CI (#1046)

* Bump github/codeql-action from 2 to 3 (#1031)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add jws.IsVerificationError (#1049)

* Add jws.IsVerificationError

* tweak document

* Merge pull request from GHSA-pvcr-v8j8-j5q3

* Add tests for empty protected headers

* check for sig.protected == nil

* Add one more case for missing protected headers in compact form

* Update Changes

* JWS: Check for sig.protected == nil on non-flattened input

---------

Co-authored-by: Fredrik Strupe <fredrik@strupe.net>

* Update Changes

* fix typo

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shang Jian Ding <sding3@ncsu.edu>
Co-authored-by: Nathan Lacey <nlacey@novetta.com>
Co-authored-by: Fredrik Strupe <fredrik@strupe.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lestrrat