chore(deps): Update firebase/php-jwt requirement from ^5.2 to ^6.0
Created by: dependabot[bot]
Updates the requirements on firebase/php-jwt to permit the latest version.
Release notes
Sourced from firebase/php-jwt's releases.
v6.0.0
Backwards Compatibility Breaking Changes
- The second argument of
JWT::decode
now must beFirebase\JWT\Key
orarray<string, Firebase\JWT\Key>
(see #376)- The return type of
Firebase\JWT\JWK::parseKey
is nowFirebase\JWT\Key
(see #392)- The return type of
Firebase\JWT\JWK::parseKeySet
is nowarray<string, Firebase\JWT\Key>
(see #376)- The
JSON_UNESCAPED_SLASHES
is now used for JSON decoding (see #376)- Constants
ASN1_INTEGER
,ASN1_SEQUENCE
, andASN1_BIT_STRING
have been removed (see #376)JWT::encode
requires third argument$alg
(see #376)Using
Firebase\JWT\Key
Using the
Key
object inJWT::decode
As a security fix, to avoid key type confusion (see #351), use of
Firebase\JWT\Key
is now required when decoding:use Firebase\JWT\JWT; // previous (v5.5.1 and below) $decoded = JWT::decode($jwt, $publicKey, 'RS256'); // new (v6.0.0) use Firebase\JWT\Key; $decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));
Using the
Key
object inJWK::parseKey
andJWK::parseKeySet
Calls to
JWK::parseKey
andJWK::parseKeySet
now return aKey
object and an array ofKey
objects respectively.use Firebase\JWT\JWK; // previous (v5.5.1 and below) $key = JWK::parseKey($jwk); // $key is a resource $keys = JWK::parseKeySet($jwks); // $keys is an associative array key ID to resources // new (v6.0.0) $key = JWK::parseKey($jwk); // $key is a Key object $keys = JWK::parseKeySet($jwks); // $keys is an associative array of key ID to Key objects
Commits
-
0541cba
feat!: update return type for JWK methods (#392) -
8699eb9
chore: update changelog for v6.0.0 (#391) -
edda0f9
feat!: require Key object, use JSON_UNESCAPED_SLASHES, remove constants (#376) -
fbe6394
chore(docs): fix typo in README -
262f84c
chore: switch main to master (#383) -
12ec2fe
chore(docs): add throws DomainException for JWT::decode (#379) -
83b6090
fix: phpdoc and exception (#371) -
cf81444
chore: explicit third parameter to decode function in README -
bc0df64
feat: add Key object to prevent key/algorithm type confusion (#365) -
804585f
chore: add PHP 8.1 (#362) - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)