diff options
Diffstat (limited to 'vendor/github.com/golang-jwt/jwt/v5/VERSION_HISTORY.md')
-rw-r--r-- | vendor/github.com/golang-jwt/jwt/v5/VERSION_HISTORY.md | 137 |
1 files changed, 0 insertions, 137 deletions
diff --git a/vendor/github.com/golang-jwt/jwt/v5/VERSION_HISTORY.md b/vendor/github.com/golang-jwt/jwt/v5/VERSION_HISTORY.md deleted file mode 100644 index b5039e4..0000000 --- a/vendor/github.com/golang-jwt/jwt/v5/VERSION_HISTORY.md +++ /dev/null | |||
@@ -1,137 +0,0 @@ | |||
1 | # `jwt-go` Version History | ||
2 | |||
3 | The following version history is kept for historic purposes. To retrieve the current changes of each version, please refer to the change-log of the specific release versions on https://github.com/golang-jwt/jwt/releases. | ||
4 | |||
5 | ## 4.0.0 | ||
6 | |||
7 | * Introduces support for Go modules. The `v4` version will be backwards compatible with `v3.x.y`. | ||
8 | |||
9 | ## 3.2.2 | ||
10 | |||
11 | * Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16 ([#28](https://github.com/golang-jwt/jwt/pull/28)). | ||
12 | * Fixed a potential issue that could occur when the verification of `exp`, `iat` or `nbf` was not required and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork ([#40](https://github.com/golang-jwt/jwt/pull/40)). | ||
13 | * Added support for EdDSA / ED25519 ([#36](https://github.com/golang-jwt/jwt/pull/36)). | ||
14 | * Optimized allocations ([#33](https://github.com/golang-jwt/jwt/pull/33)). | ||
15 | |||
16 | ## 3.2.1 | ||
17 | |||
18 | * **Import Path Change**: See MIGRATION_GUIDE.md for tips on updating your code | ||
19 | * Changed the import path from `github.com/dgrijalva/jwt-go` to `github.com/golang-jwt/jwt` | ||
20 | * Fixed type confusing issue between `string` and `[]string` in `VerifyAudience` ([#12](https://github.com/golang-jwt/jwt/pull/12)). This fixes CVE-2020-26160 | ||
21 | |||
22 | #### 3.2.0 | ||
23 | |||
24 | * Added method `ParseUnverified` to allow users to split up the tasks of parsing and validation | ||
25 | * HMAC signing method returns `ErrInvalidKeyType` instead of `ErrInvalidKey` where appropriate | ||
26 | * Added options to `request.ParseFromRequest`, which allows for an arbitrary list of modifiers to parsing behavior. Initial set include `WithClaims` and `WithParser`. Existing usage of this function will continue to work as before. | ||
27 | * Deprecated `ParseFromRequestWithClaims` to simplify API in the future. | ||
28 | |||
29 | #### 3.1.0 | ||
30 | |||
31 | * Improvements to `jwt` command line tool | ||
32 | * Added `SkipClaimsValidation` option to `Parser` | ||
33 | * Documentation updates | ||
34 | |||
35 | #### 3.0.0 | ||
36 | |||
37 | * **Compatibility Breaking Changes**: See MIGRATION_GUIDE.md for tips on updating your code | ||
38 | * Dropped support for `[]byte` keys when using RSA signing methods. This convenience feature could contribute to security vulnerabilities involving mismatched key types with signing methods. | ||
39 | * `ParseFromRequest` has been moved to `request` subpackage and usage has changed | ||
40 | * The `Claims` property on `Token` is now type `Claims` instead of `map[string]interface{}`. The default value is type `MapClaims`, which is an alias to `map[string]interface{}`. This makes it possible to use a custom type when decoding claims. | ||
41 | * Other Additions and Changes | ||
42 | * Added `Claims` interface type to allow users to decode the claims into a custom type | ||
43 | * Added `ParseWithClaims`, which takes a third argument of type `Claims`. Use this function instead of `Parse` if you have a custom type you'd like to decode into. | ||
44 | * Dramatically improved the functionality and flexibility of `ParseFromRequest`, which is now in the `request` subpackage | ||
45 | * Added `ParseFromRequestWithClaims` which is the `FromRequest` equivalent of `ParseWithClaims` | ||
46 | * Added new interface type `Extractor`, which is used for extracting JWT strings from http requests. Used with `ParseFromRequest` and `ParseFromRequestWithClaims`. | ||
47 | * Added several new, more specific, validation errors to error type bitmask | ||
48 | * Moved examples from README to executable example files | ||
49 | * Signing method registry is now thread safe | ||
50 | * Added new property to `ValidationError`, which contains the raw error returned by calls made by parse/verify (such as those returned by keyfunc or json parser) | ||
51 | |||
52 | #### 2.7.0 | ||
53 | |||
54 | This will likely be the last backwards compatible release before 3.0.0, excluding essential bug fixes. | ||
55 | |||
56 | * Added new option `-show` to the `jwt` command that will just output the decoded token without verifying | ||
57 | * Error text for expired tokens includes how long it's been expired | ||
58 | * Fixed incorrect error returned from `ParseRSAPublicKeyFromPEM` | ||
59 | * Documentation updates | ||
60 | |||
61 | #### 2.6.0 | ||
62 | |||
63 | * Exposed inner error within ValidationError | ||
64 | * Fixed validation errors when using UseJSONNumber flag | ||
65 | * Added several unit tests | ||
66 | |||
67 | #### 2.5.0 | ||
68 | |||
69 | * Added support for signing method none. You shouldn't use this. The API tries to make this clear. | ||
70 | * Updated/fixed some documentation | ||
71 | * Added more helpful error message when trying to parse tokens that begin with `BEARER ` | ||
72 | |||
73 | #### 2.4.0 | ||
74 | |||
75 | * Added new type, Parser, to allow for configuration of various parsing parameters | ||
76 | * You can now specify a list of valid signing methods. Anything outside this set will be rejected. | ||
77 | * You can now opt to use the `json.Number` type instead of `float64` when parsing token JSON | ||
78 | * Added support for [Travis CI](https://travis-ci.org/dgrijalva/jwt-go) | ||
79 | * Fixed some bugs with ECDSA parsing | ||
80 | |||
81 | #### 2.3.0 | ||
82 | |||
83 | * Added support for ECDSA signing methods | ||
84 | * Added support for RSA PSS signing methods (requires go v1.4) | ||
85 | |||
86 | #### 2.2.0 | ||
87 | |||
88 | * Gracefully handle a `nil` `Keyfunc` being passed to `Parse`. Result will now be the parsed token and an error, instead of a panic. | ||
89 | |||
90 | #### 2.1.0 | ||
91 | |||
92 | Backwards compatible API change that was missed in 2.0.0. | ||
93 | |||
94 | * The `SignedString` method on `Token` now takes `interface{}` instead of `[]byte` | ||
95 | |||
96 | #### 2.0.0 | ||
97 | |||
98 | There were two major reasons for breaking backwards compatibility with this update. The first was a refactor required to expand the width of the RSA and HMAC-SHA signing implementations. There will likely be no required code changes to support this change. | ||
99 | |||
100 | The second update, while unfortunately requiring a small change in integration, is required to open up this library to other signing methods. Not all keys used for all signing methods have a single standard on-disk representation. Requiring `[]byte` as the type for all keys proved too limiting. Additionally, this implementation allows for pre-parsed tokens to be reused, which might matter in an application that parses a high volume of tokens with a small set of keys. Backwards compatibilty has been maintained for passing `[]byte` to the RSA signing methods, but they will also accept `*rsa.PublicKey` and `*rsa.PrivateKey`. | ||
101 | |||
102 | It is likely the only integration change required here will be to change `func(t *jwt.Token) ([]byte, error)` to `func(t *jwt.Token) (interface{}, error)` when calling `Parse`. | ||
103 | |||
104 | * **Compatibility Breaking Changes** | ||
105 | * `SigningMethodHS256` is now `*SigningMethodHMAC` instead of `type struct` | ||
106 | * `SigningMethodRS256` is now `*SigningMethodRSA` instead of `type struct` | ||
107 | * `KeyFunc` now returns `interface{}` instead of `[]byte` | ||
108 | * `SigningMethod.Sign` now takes `interface{}` instead of `[]byte` for the key | ||
109 | * `SigningMethod.Verify` now takes `interface{}` instead of `[]byte` for the key | ||
110 | * Renamed type `SigningMethodHS256` to `SigningMethodHMAC`. Specific sizes are now just instances of this type. | ||
111 | * Added public package global `SigningMethodHS256` | ||
112 | * Added public package global `SigningMethodHS384` | ||
113 | * Added public package global `SigningMethodHS512` | ||
114 | * Renamed type `SigningMethodRS256` to `SigningMethodRSA`. Specific sizes are now just instances of this type. | ||
115 | * Added public package global `SigningMethodRS256` | ||
116 | * Added public package global `SigningMethodRS384` | ||
117 | * Added public package global `SigningMethodRS512` | ||
118 | * Moved sample private key for HMAC tests from an inline value to a file on disk. Value is unchanged. | ||
119 | * Refactored the RSA implementation to be easier to read | ||
120 | * Exposed helper methods `ParseRSAPrivateKeyFromPEM` and `ParseRSAPublicKeyFromPEM` | ||
121 | |||
122 | ## 1.0.2 | ||
123 | |||
124 | * Fixed bug in parsing public keys from certificates | ||
125 | * Added more tests around the parsing of keys for RS256 | ||
126 | * Code refactoring in RS256 implementation. No functional changes | ||
127 | |||
128 | ## 1.0.1 | ||
129 | |||
130 | * Fixed panic if RS256 signing method was passed an invalid key | ||
131 | |||
132 | ## 1.0.0 | ||
133 | |||
134 | * First versioned release | ||
135 | * API stabilized | ||
136 | * Supports creating, signing, parsing, and validating JWT tokens | ||
137 | * Supports RS256 and HS256 signing methods | ||