chore(deps): bump jsonwebtoken from 9.3.1 to 10.3.0#151
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Benchmark ResultsNo benchmarks configured. Add benchmarks to benches/ directory. Full results available in CI artifacts. |
Benchmark ResultsNo benchmarks configured. Add benchmarks to benches/ directory. Full results available in CI artifacts. |
Bumps [jsonwebtoken](https://github.com/Keats/jsonwebtoken) from 9.3.1 to 10.3.0. - [Changelog](https://github.com/Keats/jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](Keats/jsonwebtoken@v9.3.1...v10.3.0) --- updated-dependencies: - dependency-name: jsonwebtoken dependency-version: 10.3.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
jsonwebtoken v10 requires an explicit CryptoProvider. Enable rust_crypto feature since we only use HMAC-SHA256. Ignore RUSTSEC-2023-0071 (RSA timing side-channel) as transitive dep we never invoke.
zircote
force-pushed
the
dependabot/cargo/jsonwebtoken-10.3.0
branch
from
766b5cf to
40a5b2a
Compare
Benchmark ResultsNo benchmarks configured. Add benchmarks to benches/ directory. Full results available in CI artifacts. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #151 +/- ##
=======================================
Coverage 94.93% 94.93%
=======================================
Files 25 25
Lines 10183 10183
=======================================
Hits 9667 9667
Misses 516 516 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Benchmark ResultsNo benchmarks configured. Add benchmarks to benches/ directory. Full results available in CI artifacts. |
Benchmark ResultsNo benchmarks configured. Add benchmarks to benches/ directory. Full results available in CI artifacts. |
…t fixes The audit-full job runs daily without --ignore flags so we are notified when RUSTSEC-2023-0071 (or any future ignored advisory) gets a fix. It uses continue-on-error so it does not block PRs.
Benchmark ResultsNo benchmarks configured. Add benchmarks to benches/ directory. Full results available in CI artifacts. |
1 participant
Bumps jsonwebtoken from 9.3.1 to 10.3.0.
Changelog
Sourced from jsonwebtoken's changelog.
Commits
abbc307Fix type confusione99740dfix: bump minimal version requirements (#481)50d15e0Use try_sign to avoid panics (#479)245858fBump some dep122c2edBump action number in CI72e0c7fExpose cryptography backends via CryptoProvider (#452)53a3fc2Do not fail for clippy3226cfcPrepare for releasedfe58f9Remove unnecessary Clone bounds from decode functions (#458)9b3e19cFix function names in README (#457)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)