zrhoffman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 96d300e9d7 Bump github.com/lestrrat-go/jwx from 1.2.26 to 1.2.27
(#7924)
96d300e9d7 is described below
commit 96d300e9d7177dfb98439d18af8ca4f828f33075
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Wed Jan 24 01:17:57 2024 -0700
Bump github.com/lestrrat-go/jwx from 1.2.26 to 1.2.27 (#7924)
Bumps [github.com/lestrrat-go/jwx](https://github.com/lestrrat-go/jwx) from
1.2.26 to 1.2.27.
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/v1.2.27/Changes)
- [Commits](https://github.com/lestrrat-go/jwx/compare/v1.2.26...v1.2.27)
---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/jwx
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
go.mod | 10 ++---
go.sum | 19 +++++----
.../lestrrat-go/blackmagic/blackmagic.go | 46 +++++++++++++++++++---
vendor/github.com/lestrrat-go/jwx/.golangci.yml | 10 +++++
vendor/github.com/lestrrat-go/jwx/Changes | 12 ++++++
vendor/github.com/lestrrat-go/jwx/jwe/decrypt.go | 1 +
vendor/github.com/lestrrat-go/jwx/jwe/headers.go | 2 +-
vendor/github.com/lestrrat-go/jwx/jwe/interface.go | 7 ++--
.../lestrrat-go/jwx/jwe/internal/keyenc/keyenc.go | 2 +-
vendor/github.com/lestrrat-go/jwx/jwe/jwe.go | 6 +--
vendor/github.com/lestrrat-go/jwx/jwe/message.go | 5 +++
vendor/github.com/lestrrat-go/jwx/jwk/interface.go | 1 -
vendor/github.com/lestrrat-go/jwx/jwk/jwk.go | 18 ++++-----
vendor/github.com/lestrrat-go/jwx/jwk/key_ops.go | 2 +
vendor/github.com/lestrrat-go/jwx/jwk/refresh.go | 25 ++++++------
vendor/github.com/lestrrat-go/jwx/jwk/set.go | 4 +-
vendor/github.com/lestrrat-go/jwx/jws/es256k.go | 1 +
vendor/github.com/lestrrat-go/jwx/jws/headers.go | 2 +-
vendor/github.com/lestrrat-go/jwx/jws/interface.go | 8 ++--
vendor/github.com/lestrrat-go/jwx/jws/jws.go | 11 +++---
vendor/github.com/lestrrat-go/jwx/jwt/http.go | 12 +++---
vendor/github.com/lestrrat-go/jwx/jwt/jwt.go | 9 ++---
vendor/github.com/lestrrat-go/jwx/jwt/options.go | 20 +++++-----
vendor/github.com/lestrrat-go/jwx/jwt/serialize.go | 14 +++----
vendor/github.com/lestrrat-go/jwx/jwx.go | 10 ++---
vendor/modules.txt | 17 ++++----
26 files changed, 168 insertions(+), 106 deletions(-)
diff --git a/go.mod b/go.mod
index 4b141c3d42..c15dfde074 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
github.com/json-iterator/go v1.1.12
github.com/kelseyhightower/envconfig v1.4.0
github.com/kylelemons/godebug v1.1.1-0.20201107061927-e693023230a4
- github.com/lestrrat-go/jwx v1.2.26
+ github.com/lestrrat-go/jwx v1.2.27
github.com/lib/pq v1.10.4
github.com/miekg/dns v1.1.43
github.com/onsi/ginkgo v1.16.5
@@ -48,9 +48,9 @@ require (
github.com/pborman/getopt/v2 v2.1.0
github.com/pkg/errors v0.9.1
go.etcd.io/bbolt v1.3.6
- golang.org/x/crypto v0.9.0
+ golang.org/x/crypto v0.16.0
golang.org/x/net v0.10.0
- golang.org/x/sys v0.8.0
+ golang.org/x/sys v0.15.0
gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1
@@ -67,7 +67,7 @@ require (
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/go-multierror v1.1.0 // indirect
github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
- github.com/lestrrat-go/blackmagic v1.0.1 // indirect
+ github.com/lestrrat-go/blackmagic v1.0.2 // indirect
github.com/lestrrat-go/httpcc v1.0.1 // indirect
github.com/lestrrat-go/iter v1.0.2 // indirect
github.com/lestrrat-go/option v1.0.1 // indirect
@@ -95,7 +95,7 @@ require (
github.com/jcmturner/gofork v1.0.0 // indirect
github.com/pierrec/lz4 v2.5.2+incompatible // indirect
github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 //
indirect
- golang.org/x/text v0.9.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
gopkg.in/jcmturner/aescts.v1 v1.0.1 // indirect
gopkg.in/jcmturner/dnsutils.v1 v1.0.1 // indirect
gopkg.in/jcmturner/gokrb5.v7 v7.5.0 // indirect
diff --git a/go.sum b/go.sum
index 1b5971b37e..e4e316b934 100644
--- a/go.sum
+++ b/go.sum
@@ -938,14 +938,14 @@ github.com/labstack/echo/v4 v4.2.1/go.mod
h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4F
github.com/labstack/gommon v0.3.0/go.mod
h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
github.com/lestrrat-go/backoff/v2 v2.0.8
h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod
h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
-github.com/lestrrat-go/blackmagic v1.0.1
h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
-github.com/lestrrat-go/blackmagic v1.0.1/go.mod
h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/blackmagic v1.0.2
h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod
h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
github.com/lestrrat-go/httpcc v1.0.1
h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
github.com/lestrrat-go/httpcc v1.0.1/go.mod
h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
github.com/lestrrat-go/iter v1.0.2
h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
github.com/lestrrat-go/iter v1.0.2/go.mod
h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx v1.2.26
h1:4iFo8FPRZGDYe1t19mQP0zTRqA7n8HnJ5lkIiDvJcB0=
-github.com/lestrrat-go/jwx v1.2.26/go.mod
h1:MaiCdGbn3/cckbOFSCluJlJMmp9dmZm5hDuIkx8ftpQ=
+github.com/lestrrat-go/jwx v1.2.27
h1:cvnTnda/YzdyFuWdEAMkI6BsLtItSrASEVCI3C/IUEQ=
+github.com/lestrrat-go/jwx v1.2.27/go.mod
h1:Stob9LjSqR3lOmNdxF0/TvZo60V3hUGv8Fr7Bwzla3k=
github.com/lestrrat-go/option v1.0.0/go.mod
h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
github.com/lestrrat-go/option v1.0.1
h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
github.com/lestrrat-go/option v1.0.1/go.mod
h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
@@ -1429,8 +1429,8 @@ golang.org/x/crypto
v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWP
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod
h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod
h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod
h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod
h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod
h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1699,13 +1699,15 @@ golang.org/x/sys
v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod
h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.15.0/go.mod
h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1717,8 +1719,9 @@ golang.org/x/text v0.3.5/go.mod
h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod
h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
b/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
index 8d1d468543..aa5704a21a 100644
--- a/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
+++ b/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
@@ -5,6 +5,43 @@ import (
"reflect"
)
+// AssignField is a convenience function to assign a value to
+// an optional struct field. In Go, an optional struct field is
+// usually denoted by a pointer to T instead of T:
+//
+// type Object struct {
+// Optional *T
+// }
+//
+// This gets a bit cumbersome when you want to assign literals
+// or you do not want to worry about taking the address of a
+// variable.
+//
+// Object.Optional = &"foo" // doesn't compile!
+//
+// Instead you can use this function to do it in one line:
+//
+// blackmagic.AssignOptionalField(&Object.Optionl, "foo")
+func AssignOptionalField(dst, src interface{}) error {
+ dstRV := reflect.ValueOf(dst)
+ srcRV := reflect.ValueOf(src)
+ if dstRV.Kind() != reflect.Pointer || dstRV.Elem().Kind() !=
reflect.Pointer {
+ return fmt.Errorf(`dst must be a pointer to a field that is
turn a pointer of src (%T)`, src)
+ }
+
+ if !dstRV.Elem().CanSet() {
+ return fmt.Errorf(`dst (%T) is not assignable`,
dstRV.Elem().Interface())
+ }
+ if !reflect.PtrTo(srcRV.Type()).AssignableTo(dstRV.Elem().Type()) {
+ return fmt.Errorf(`cannot assign src (%T) to dst (%T)`, src,
dst)
+ }
+
+ ptr := reflect.New(srcRV.Type())
+ ptr.Elem().Set(srcRV)
+ dstRV.Elem().Set(ptr)
+ return nil
+}
+
// AssignIfCompatible is a convenience function to safely
// assign arbitrary values. dst must be a pointer to an
// empty interface, or it must be a pointer to a compatible
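Review bot: AssignOptionalField panics instead of returning an error when `src` is nil, because `reflect.ValueOf(nil)` yields a zero Value and `srcRV.Type()` is then called on it in the assignability check. A guard placed before that check, `if !srcRV.IsValid() { return fmt.Errorf("src must not be nil") }`, keeps the function on its error-return contract. The doc comment also opens with `AssignField` while the function is named `AssignOptionalField`, and its example spells the field `Optionl`. The file is vendored, so these corrections belong upstream rather than in this repository.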
@@ -15,19 +52,18 @@ func AssignIfCompatible(dst, src interface{}) error {
// t can be a pointer or a slice, and the code will slightly change
// depending on this
+ var isPtr bool
var isSlice bool
switch result.Kind() {
case reflect.Ptr:
- // no op
+ isPtr = true
case reflect.Slice:
isSlice = true
- default:
- return fmt.Errorf("argument t to AssignIfCompatible must be a
pointer or a slice: %T", src)
}
rv := reflect.ValueOf(dst)
if rv.Kind() != reflect.Ptr {
- return fmt.Errorf(`argument to AssignIfCompatible() must be a
pointer: %T`, dst)
+ return fmt.Errorf(`destination argument to AssignIfCompatible()
must be a pointer: %T`, dst)
}
actualDst := rv.Elem()
@@ -37,7 +73,7 @@ func AssignIfCompatible(dst, src interface{}) error {
default:
// If it's a pointer to the struct we're looking for, we need
to set
// the de-referenced struct
- if !isSlice {
+ if !isSlice && isPtr {
result = result.Elem()
}
}
diff --git a/vendor/github.com/lestrrat-go/jwx/.golangci.yml
b/vendor/github.com/lestrrat-go/jwx/.golangci.yml
index f2b0845290..b07a8c3bbd 100644
--- a/vendor/github.com/lestrrat-go/jwx/.golangci.yml
+++ b/vendor/github.com/lestrrat-go/jwx/.golangci.yml
@@ -10,10 +10,14 @@ linters-settings:
linters:
enable-all: true
disable:
+ - contextcheck
- cyclop
+ - depguard
+ - deadcode # deprecated
- dupl
- exhaustive
- exhaustivestruct
+ - exhaustruct
- errorlint
- funlen
- gci
@@ -30,22 +34,28 @@ linters:
- gomnd
- gomoddirectives # I think it's broken
- gosec
+ - gosmopolitan
- govet
- interfacer # deprecated
+ - interfacebloat
- ifshort
- ireturn # No, I _LIKE_ returning interfaces
- lll
- maintidx # Do this in code review
- maligned # deprecated
- makezero
+ - nonamedreturns
- nakedret
- nestif
- nlreturn
+ - nosnakecase # deprecated
- paralleltest
- scopelint # deprecated
+ - structcheck # deprecated
- tagliatelle
- testpackage
- thelper # Tests are fine
+ - varcheck # deprecated
- varnamelen # Short names are ok
- wrapcheck
- wsl
diff --git a/vendor/github.com/lestrrat-go/jwx/Changes
b/vendor/github.com/lestrrat-go/jwx/Changes
index 428b16f65e..b5ad318258 100644
--- a/vendor/github.com/lestrrat-go/jwx/Changes
+++ b/vendor/github.com/lestrrat-go/jwx/Changes
@@ -1,6 +1,18 @@
Changes
=======
+v1.2.27 - 03 Dec 2023
+[Security]
+ * [jwe] A large number in p2c parameter for PBKDF2 based encryptions could
cause a DoS attack,
+ similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083. All users
should upgrade, as
+ unlike v2, v1 attempts to decrypt JWEs on JWTs by default.
+ [GHSA-7f9x-gw85-8grf]
+
+[Bug Fixes]
+ * [jwk] jwk.Set(jwk.KeyOpsKey, <jwk.KeyOperation>) now works (previously,
either
+ Set(.., <string>) or Set(..., []jwk.KeyOperation{...}) worked, but not a
single
+ jwk.KeyOperation
+
v1.2.26 - 14 Jun 2023
[Security]
* Potential Padding Oracle Attack Vulnerability and Timing Attack
Vulnerability
diff --git a/vendor/github.com/lestrrat-go/jwx/jwe/decrypt.go
b/vendor/github.com/lestrrat-go/jwx/jwe/decrypt.go
index 4fc2ef30d6..863f59156b 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwe/decrypt.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwe/decrypt.go
@@ -22,6 +22,7 @@ import (
// Decrypter is responsible for taking various components to decrypt a message.
// its operation is not concurrency safe. You must provide locking yourself
+//
//nolint:govet
type Decrypter struct {
aad []byte
diff --git a/vendor/github.com/lestrrat-go/jwx/jwe/headers.go
b/vendor/github.com/lestrrat-go/jwx/jwe/headers.go
index eacbfda011..3310240f0f 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwe/headers.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwe/headers.go
@@ -69,7 +69,7 @@ func (h *stdHeaders) Clone(ctx context.Context) (Headers,
error) {
return dst, nil
}
-func (h *stdHeaders) Copy(ctx context.Context, dst Headers) error {
+func (h *stdHeaders) Copy(_ context.Context, dst Headers) error {
for _, pair := range h.makePairs() {
//nolint:forcetypeassert
key := pair.Key.(string)
diff --git a/vendor/github.com/lestrrat-go/jwx/jwe/interface.go
b/vendor/github.com/lestrrat-go/jwx/jwe/interface.go
index c231208832..0807413326 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwe/interface.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwe/interface.go
@@ -31,15 +31,16 @@ type stdRecipient struct {
// For example, it is totally valid for if the protected header's
// integrity was calculated using a non-standard line breaks:
//
-// {"a dummy":
-// "protected header"}
+// {"a dummy":
+// "protected header"}
//
// Once parsed, though, we can only serialize the protected header as:
//
-// {"a dummy":"protected header"}
+// {"a dummy":"protected header"}
//
// which would obviously result in a contradicting integrity value
// if we tried to re-calculate it from a parsed message.
+//
//nolint:govet
type Message struct {
authenticatedData []byte
diff --git a/vendor/github.com/lestrrat-go/jwx/jwe/internal/keyenc/keyenc.go
b/vendor/github.com/lestrrat-go/jwx/jwe/internal/keyenc/keyenc.go
index 706816ee42..8593212718 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwe/internal/keyenc/keyenc.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwe/internal/keyenc/keyenc.go
@@ -47,7 +47,7 @@ func (kw *Noop) KeyID() string {
return kw.keyID
}
-func (kw *Noop) Encrypt(cek []byte) (keygen.ByteSource, error) {
+func (kw *Noop) Encrypt(_ []byte) (keygen.ByteSource, error) {
return keygen.ByteKey(kw.sharedkey), nil
}
diff --git a/vendor/github.com/lestrrat-go/jwx/jwe/jwe.go
b/vendor/github.com/lestrrat-go/jwx/jwe/jwe.go
index 8b45287f26..d26d14c222 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwe/jwe.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwe/jwe.go
@@ -365,13 +365,13 @@ func parseCompact(buf []byte, storeProtectedHeaders bool)
(*Message, error) {
//
// In that case you would register a custom field as follows
//
-// jwe.RegisterCustomField(`x-birthday`, timeT)
+// jwe.RegisterCustomField(`x-birthday`, timeT)
//
// Then `hdr.Get("x-birthday")` will still return an `interface{}`,
// but you can convert its type to `time.Time`
//
-// bdayif, _ := hdr.Get(`x-birthday`)
-// bday := bdayif.(time.Time)
+// bdayif, _ := hdr.Get(`x-birthday`)
+// bday := bdayif.(time.Time)
func RegisterCustomField(name string, object interface{}) {
registry.Register(name, object)
}
diff --git a/vendor/github.com/lestrrat-go/jwx/jwe/message.go
b/vendor/github.com/lestrrat-go/jwx/jwe/message.go
index 6609a69240..9559877e33 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwe/message.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwe/message.go
@@ -612,6 +612,11 @@ func doDecryptCtx(dctx *decryptCtx) ([]byte, error) {
if !ok {
return nil, errors.Errorf("unexpected type for
'p2c': %T", count)
}
+ // in v1, this number is hardcoded to 10000. Use v2 if
you need to
+ // finetune this value
+ if countFlt > 10000 {
+ return nil, errors.Errorf("invalid value for
'p2c'")
+ }
salt, err := base64.DecodeString(saltB64Str)
if err != nil {
return nil, errors.Wrap(err, "failed to
b64-decode 'salt'")
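Review bot: The added `p2c` guard in doDecryptCtx bounds the PBKDF2 iteration count only from above, so a zero, negative or fractional `countFlt` still passes it; how the value is converted and used afterwards lies outside this hunk. Checking both sides, e.g. `if countFlt < 1 || countFlt > 10000 {`, would also reject counts that are not a positive number. The limit is a bare literal and the error does not report it, so a token refused for a larger `p2c` is hard to diagnose; a named constant and a message such as `errors.Errorf("invalid value for 'p2c': exceeds %d", maxPBES2Count)` would help (the constant name is a suggestion, not an existing identifier). Because this file is vendored, the change belongs upstream; locally it is worth confirming that no issuer this project accepts JWEs from uses PBES2 with more than 10000 iterations, since those tokens will now fail to decrypt.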
diff --git a/vendor/github.com/lestrrat-go/jwx/jwk/interface.go
b/vendor/github.com/lestrrat-go/jwx/jwk/interface.go
index 9182f71242..326097dcdd 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwk/interface.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwk/interface.go
@@ -53,7 +53,6 @@ const (
// Such private parameters can be accessed via the `Field()` method.
// If a resource contains a single JWK instead of a JWK set, private parameters
// are stored in _both_ the resulting `jwk.Set` object and the `jwk.Key`
object .
-//
type Set interface {
// Add adds the specified key. If the key already exists in the set, it
is
// not added.
diff --git a/vendor/github.com/lestrrat-go/jwx/jwk/jwk.go
b/vendor/github.com/lestrrat-go/jwx/jwk/jwk.go
index 0ef377c959..453ecf4431 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwk/jwk.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwk/jwk.go
@@ -39,10 +39,10 @@ func bigIntToBytes(n *big.Int) ([]byte, error) {
// The constructor auto-detects the type of key to be instantiated
// based on the input type:
//
-// * "crypto/rsa".PrivateKey and "crypto/rsa".PublicKey creates an RSA based
key
-// * "crypto/ecdsa".PrivateKey and "crypto/ecdsa".PublicKey creates an EC
based key
-// * "crypto/ed25519".PrivateKey and "crypto/ed25519".PublicKey creates an
OKP based key
-// * []byte creates a symmetric key
+// - "crypto/rsa".PrivateKey and "crypto/rsa".PublicKey creates an RSA based
key
+// - "crypto/ecdsa".PrivateKey and "crypto/ecdsa".PublicKey creates an EC
based key
+// - "crypto/ed25519".PrivateKey and "crypto/ed25519".PublicKey creates an
OKP based key
+// - []byte creates a symmetric key
func New(key interface{}) (Key, error) {
if key == nil {
return nil, errors.New(`jwk.New requires a non-nil key`)
@@ -636,8 +636,7 @@ func cloneKey(src Key) (Key, error) {
// Pem serializes the given jwk.Key in PEM encoded ASN.1 DER format,
// using either PKCS8 for private keys and PKIX for public keys.
// If you need to encode using PKCS1 or SEC1, you must do it yourself.
-//
-// Argument must be of type jwk.Key or jwk.Set
+// The argument to this function must be of type jwk.Key or jwk.Set
//
// Currently only EC (including Ed25519) and RSA keys (and jwk.Set
// comprised of these key types) are supported.
@@ -706,14 +705,13 @@ func asnEncode(key Key) (string, []byte, error) {
//
// In that case you would register a custom field as follows
//
-// jwk.RegisterCustomField(`x-birthday`, timeT)
+// jwk.RegisterCustomField(`x-birthday`, timeT)
//
// Then `key.Get("x-birthday")` will still return an `interface{}`,
// but you can convert its type to `time.Time`
//
-// bdayif, _ := key.Get(`x-birthday`)
-// bday := bdayif.(time.Time)
-//
+// bdayif, _ := key.Get(`x-birthday`)
+// bday := bdayif.(time.Time)
func RegisterCustomField(name string, object interface{}) {
registry.Register(name, object)
}
diff --git a/vendor/github.com/lestrrat-go/jwx/jwk/key_ops.go
b/vendor/github.com/lestrrat-go/jwx/jwk/key_ops.go
index 01435f3c42..bc12efa5be 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwk/key_ops.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwk/key_ops.go
@@ -13,6 +13,8 @@ func (ops *KeyOperationList) Accept(v interface{}) error {
switch x := v.(type) {
case string:
return ops.Accept([]string{x})
+ case KeyOperation:
+ return ops.Accept([]KeyOperation{x})
case []interface{}:
l := make([]string, len(x))
for i, e := range x {
diff --git a/vendor/github.com/lestrrat-go/jwx/jwk/refresh.go
b/vendor/github.com/lestrrat-go/jwx/jwk/refresh.go
index 0a8f75452a..e79ab7e819 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwk/refresh.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwk/refresh.go
@@ -18,8 +18,8 @@ import (
// Before retrieving the jwk.Set objects, the user must pre-register the
// URLs they intend to use by calling `Configure()`
//
-// ar := jwk.NewAutoRefresh(ctx)
-// ar.Configure(url, options...)
+// ar := jwk.NewAutoRefresh(ctx)
+// ar.Configure(url, options...)
//
// Once registered, you can call `Fetch()` to retrieve the jwk.Set object.
//
@@ -104,14 +104,14 @@ type resetTimerReq struct {
// should mostly be set to a context that ends when the main loop/part of your
// program exits:
//
-// func MainLoop() {
-// ctx, cancel := context.WithCancel(context.Background())
-// defer cancel()
-// ar := jwk.AutoRefresh(ctx)
-// for ... {
-// ...
-// }
-// }
+// func MainLoop() {
+// ctx, cancel := context.WithCancel(context.Background())
+// defer cancel()
+// ar := jwk.AutoRefresh(ctx)
+// for ... {
+// ...
+// }
+// }
func NewAutoRefresh(ctx context.Context) *AutoRefresh {
af := &AutoRefresh{
cache: make(map[string]Set),
@@ -154,8 +154,9 @@ func (af *AutoRefresh) Remove(url string) error {
// Note that options are treated as a whole -- you can't just update
// one value. For example, if you did:
//
-// ar.Configure(url, jwk.WithHTTPClient(...))
-// ar.Configure(url, jwk.WithRefreshInterval(...))
+// ar.Configure(url, jwk.WithHTTPClient(...))
+// ar.Configure(url, jwk.WithRefreshInterval(...))
+//
// The the end result is that `url` is ONLY associated with the options
// given in the second call to `Configure()`, i.e. `jwk.WithRefreshInterval`.
// The other unspecified options, including the HTTP client, is set to
diff --git a/vendor/github.com/lestrrat-go/jwx/jwk/set.go
b/vendor/github.com/lestrrat-go/jwx/jwk/set.go
index d5e844af75..73ffcf540d 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwk/set.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwk/set.go
@@ -296,8 +296,6 @@ func (s *set) Clone() (Set, error) {
s2.keys = make([]Key, len(s.keys))
- for i := 0; i < len(s.keys); i++ {
- s2.keys[i] = s.keys[i]
- }
+ copy(s2.keys, s.keys)
return s2, nil
}
diff --git a/vendor/github.com/lestrrat-go/jwx/jws/es256k.go
b/vendor/github.com/lestrrat-go/jwx/jws/es256k.go
index fd5db88e80..d421988c6d 100644
--- a/vendor/github.com/lestrrat-go/jwx/jws/es256k.go
+++ b/vendor/github.com/lestrrat-go/jwx/jws/es256k.go
@@ -1,3 +1,4 @@
+//go:build jwx_es256k
// +build jwx_es256k
package jws
diff --git a/vendor/github.com/lestrrat-go/jwx/jws/headers.go
b/vendor/github.com/lestrrat-go/jwx/jws/headers.go
index 9ca8f656e9..744f0071eb 100644
--- a/vendor/github.com/lestrrat-go/jwx/jws/headers.go
+++ b/vendor/github.com/lestrrat-go/jwx/jws/headers.go
@@ -34,7 +34,7 @@ func (h *stdHeaders) AsMap(ctx context.Context)
(map[string]interface{}, error)
return iter.AsMap(ctx, h)
}
-func (h *stdHeaders) Copy(ctx context.Context, dst Headers) error {
+func (h *stdHeaders) Copy(_ context.Context, dst Headers) error {
for _, pair := range h.makePairs() {
//nolint:forcetypeassert
key := pair.Key.(string)
diff --git a/vendor/github.com/lestrrat-go/jwx/jws/interface.go
b/vendor/github.com/lestrrat-go/jwx/jws/interface.go
index aeee42b48f..407353c4d2 100644
--- a/vendor/github.com/lestrrat-go/jwx/jws/interface.go
+++ b/vendor/github.com/lestrrat-go/jwx/jws/interface.go
@@ -26,13 +26,13 @@ type DecodeCtx interface {
// For example, the protected header `eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9`
// decodes to
//
-// {"typ":"JWT",
-// "alg":"HS256"}
+// {"typ":"JWT",
+// "alg":"HS256"}
//
// However, when we parse this into a message, we create a jws.Header object,
// which, when we marshal into a JSON object again, becomes
//
-// {"typ":"JWT","alg":"HS256"}
+// {"typ":"JWT","alg":"HS256"}
//
// Notice that serialization lacks a line break and a space between `"JWT",`
// and `"alg"`. This causes a problem when verifying the signatures AFTER
@@ -42,7 +42,7 @@ type DecodeCtx interface {
// manifest itself. However, you may see this discrepancy when you manually
// go through these conversions, and/or use the `jwx` tool like so:
//
-// jwx jws parse message.jws | jwx jws verify --key somekey.jwk --stdin
+// jwx jws parse message.jws | jwx jws verify --key somekey.jwk --stdin
//
// In this scenario, the first `jwx jws parse` outputs a parsed jws.Message
// which is marshaled into JSON. At this point the message's protected
diff --git a/vendor/github.com/lestrrat-go/jwx/jws/jws.go
b/vendor/github.com/lestrrat-go/jwx/jws/jws.go
index 6908dd6bd1..4e00b6dd51 100644
--- a/vendor/github.com/lestrrat-go/jwx/jws/jws.go
+++ b/vendor/github.com/lestrrat-go/jwx/jws/jws.go
@@ -6,8 +6,8 @@
// If you do not care about the details, the only things that you
// would need to use are the following functions:
//
-// jws.Sign(payload, algorithm, key)
-// jws.Verify(encodedjws, algorithm, key)
+// jws.Sign(payload, algorithm, key)
+// jws.Verify(encodedjws, algorithm, key)
//
// To sign, simply use `jws.Sign`. `payload` is a []byte buffer that
// contains whatever data you want to sign. `alg` is one of the
@@ -892,14 +892,13 @@ func parse(protected, payload, signature []byte)
(*Message, error) {
//
// In that case you would register a custom field as follows
//
-// jwe.RegisterCustomField(`x-birthday`, timeT)
+// jwe.RegisterCustomField(`x-birthday`, timeT)
//
// Then `hdr.Get("x-birthday")` will still return an `interface{}`,
// but you can convert its type to `time.Time`
//
-// bdayif, _ := hdr.Get(`x-birthday`)
-// bday := bdayif.(time.Time)
-//
+// bdayif, _ := hdr.Get(`x-birthday`)
+// bday := bdayif.(time.Time)
func RegisterCustomField(name string, object interface{}) {
registry.Register(name, object)
}
diff --git a/vendor/github.com/lestrrat-go/jwx/jwt/http.go
b/vendor/github.com/lestrrat-go/jwx/jwt/http.go
index aaaf27f134..09b43155d8 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwt/http.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwt/http.go
@@ -50,14 +50,14 @@ func ParseForm(values url.Values, name string, options
...ParseOption) (Token, e
//
// If WithHeaderKey() is used, you must explicitly re-enable searching for
"Authorization" header.
//
-// # searches for "Authorization"
-// jwt.ParseRequest(req)
+// # searches for "Authorization"
+// jwt.ParseRequest(req)
//
-// # searches for "x-my-token" ONLY.
-// jwt.ParseRequest(req, jwt.WithHeaderKey("x-my-token"))
+// # searches for "x-my-token" ONLY.
+// jwt.ParseRequest(req, jwt.WithHeaderKey("x-my-token"))
//
-// # searches for "Authorization" AND "x-my-token"
-// jwt.ParseRequest(req, jwt.WithHeaderKey("Authorization"),
jwt.WithHeaderKey("x-my-token"))
+// # searches for "Authorization" AND "x-my-token"
+// jwt.ParseRequest(req, jwt.WithHeaderKey("Authorization"),
jwt.WithHeaderKey("x-my-token"))
func ParseRequest(req *http.Request, options ...ParseOption) (Token, error) {
var hdrkeys []string
var formkeys []string
diff --git a/vendor/github.com/lestrrat-go/jwx/jwt/jwt.go
b/vendor/github.com/lestrrat-go/jwx/jwt/jwt.go
index 13c153934a..332483362f 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwt/jwt.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwt/jwt.go
@@ -264,7 +264,7 @@ func verifyJWSWithKeySet(ctx *parseCtx, payload []byte)
([]byte, int, error) {
return nil, _JwsVerifyInvalid, errors.Wrapf(err,
`invalid signature algorithm %s`, key.Algorithm())
}
- // Okay, we have a valid algorithm, go go
+ // Okay, we have a valid algorithm
return verifyJWSWithParams(ctx, payload, alg, key)
}
@@ -548,14 +548,13 @@ func (t *stdToken) Clone() (Token, error) {
//
// In that case you would register a custom field as follows
//
-// jwt.RegisterCustomField(`x-birthday`, timeT)
+// jwt.RegisterCustomField(`x-birthday`, timeT)
//
// Then `token.Get("x-birthday")` will still return an `interface{}`,
// but you can convert its type to `time.Time`
//
-// bdayif, _ := token.Get(`x-birthday`)
-// bday := bdayif.(time.Time)
-//
+// bdayif, _ := token.Get(`x-birthday`)
+// bday := bdayif.(time.Time)
func RegisterCustomField(name string, object interface{}) {
registry.Register(name, object)
}
diff --git a/vendor/github.com/lestrrat-go/jwx/jwt/options.go
b/vendor/github.com/lestrrat-go/jwx/jwt/options.go
index e905c356af..2f076a0041 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwt/options.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwt/options.go
@@ -362,7 +362,7 @@ func WithRequiredClaim(name string) ValidateOption {
//
// For example, in order to specify that `exp` - `iat` should be less than
10*time.Second, you would write
//
-// jwt.Validate(token, jwt.WithMaxDelta(10*time.Second, jwt.ExpirationKey,
jwt.IssuedAtKey))
+// jwt.Validate(token, jwt.WithMaxDelta(10*time.Second, jwt.ExpirationKey,
jwt.IssuedAtKey))
//
// If AcceptableSkew of 2 second is specified, the above will return valid for
any value of
// `exp` - `iat` between 8 (10-2) and 12 (10+2).
@@ -375,10 +375,9 @@ func WithMaxDelta(dur time.Duration, c1, c2 string)
ValidateOption {
//
// For example, in order to specify that `exp` - `iat` should be greater than
10*time.Second, you would write
//
-// jwt.Validate(token, jwt.WithMinDelta(10*time.Second, jwt.ExpirationKey,
jwt.IssuedAtKey))
+// jwt.Validate(token, jwt.WithMinDelta(10*time.Second, jwt.ExpirationKey,
jwt.IssuedAtKey))
//
// The validation would fail if the difference is less than 10 seconds.
-//
func WithMinDelta(dur time.Duration, c1, c2 string) ValidateOption {
return WithValidator(MinDeltaIs(c1, c2, dur))
}
@@ -387,14 +386,13 @@ func WithMinDelta(dur time.Duration, c1, c2 string)
ValidateOption {
//
// For example, in order to validate tokens that are only valid during August,
you would write
//
-// validator := jwt.ValidatorFunc(func(_ context.Context, t jwt.Token)
error {
-// if time.Now().Month() != 8 {
-// return fmt.Errorf(`tokens are only valid during August!`)
-// }
-// return nil
-// })
-// err := jwt.Validate(token, jwt.WithValidator(validator))
-//
+// validator := jwt.ValidatorFunc(func(_ context.Context, t jwt.Token)
error {
+// if time.Now().Month() != 8 {
+// return fmt.Errorf(`tokens are only valid during August!`)
+// }
+// return nil
+// })
+// err := jwt.Validate(token, jwt.WithValidator(validator))
func WithValidator(v Validator) ValidateOption {
return newValidateOption(identValidator{}, v)
}
diff --git a/vendor/github.com/lestrrat-go/jwx/jwt/serialize.go
b/vendor/github.com/lestrrat-go/jwx/jwt/serialize.go
index a3665ce62d..c9b80e3fe9 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwt/serialize.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwt/serialize.go
@@ -43,16 +43,16 @@ type SerializeStep interface {
// For example, to marshal the token into JSON, then apply JWS and JWE
// in that order, you would do:
//
-// serialized, err := jwt.NewSerialer().
-// Sign(jwa.RS256, key).
-// Encrypt(jwa.RSA_OAEP, key.PublicKey).
-// Serialize(token)
+// serialized, err := jwt.NewSerialer().
+// Sign(jwa.RS256, key).
+// Encrypt(jwa.RSA_OAEP, key.PublicKey).
+// Serialize(token)
//
// The `jwt.Sign()` function is equivalent to
//
-// serialized, err := jwt.NewSerializer().
-// Sign(...args...).
-// Serialize(token)
+// serialized, err := jwt.NewSerializer().
+// Sign(...args...).
+// Serialize(token)
type Serializer struct {
steps []SerializeStep
}
diff --git a/vendor/github.com/lestrrat-go/jwx/jwx.go
b/vendor/github.com/lestrrat-go/jwx/jwx.go
index 24c96539c3..d3aae35f6b 100644
--- a/vendor/github.com/lestrrat-go/jwx/jwx.go
+++ b/vendor/github.com/lestrrat-go/jwx/jwx.go
@@ -5,11 +5,11 @@
// Package jwx contains tools that deal with the various JWx (JOSE)
// technologies such as JWT, JWS, JWE, etc in Go.
//
-// JWS (https://tools.ietf.org/html/rfc7515)
-// JWE (https://tools.ietf.org/html/rfc7516)
-// JWK (https://tools.ietf.org/html/rfc7517)
-// JWA (https://tools.ietf.org/html/rfc7518)
-// JWT (https://tools.ietf.org/html/rfc7519)
+// JWS (https://tools.ietf.org/html/rfc7515)
+// JWE (https://tools.ietf.org/html/rfc7516)
+// JWK (https://tools.ietf.org/html/rfc7517)
+// JWA (https://tools.ietf.org/html/rfc7518)
+// JWT (https://tools.ietf.org/html/rfc7519)
//
// Examples are stored in a separate Go module (to avoid adding
// dependencies to this module), and thus does not appear in the
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 42c6af1f02..86ee9c4119 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -168,7 +168,7 @@ github.com/kylelemons/godebug/diff
# github.com/lestrrat-go/backoff/v2 v2.0.8
## explicit; go 1.16
github.com/lestrrat-go/backoff/v2
-# github.com/lestrrat-go/blackmagic v1.0.1
+# github.com/lestrrat-go/blackmagic v1.0.2
## explicit; go 1.16
github.com/lestrrat-go/blackmagic
# github.com/lestrrat-go/httpcc v1.0.1
@@ -178,7 +178,7 @@ github.com/lestrrat-go/httpcc
## explicit; go 1.13
github.com/lestrrat-go/iter/arrayiter
github.com/lestrrat-go/iter/mapiter
-# github.com/lestrrat-go/jwx v1.2.26
+# github.com/lestrrat-go/jwx v1.2.27
## explicit; go 1.15
github.com/lestrrat-go/jwx
github.com/lestrrat-go/jwx/internal/base64
@@ -276,8 +276,8 @@ go.etcd.io/bbolt
# go.uber.org/atomic v1.6.0
## explicit; go 1.13
go.uber.org/atomic
-# golang.org/x/crypto v0.9.0
-## explicit; go 1.17
+# golang.org/x/crypto v0.16.0
+## explicit; go 1.18
golang.org/x/crypto/curve25519
golang.org/x/crypto/curve25519/internal/field
golang.org/x/crypto/ed25519
@@ -302,13 +302,12 @@ golang.org/x/net/ipv4
golang.org/x/net/ipv6
golang.org/x/net/proxy
golang.org/x/net/publicsuffix
-# golang.org/x/sys v0.8.0
-## explicit; go 1.17
-golang.org/x/sys/internal/unsafeheader
+# golang.org/x/sys v0.15.0
+## explicit; go 1.18
golang.org/x/sys/unix
golang.org/x/sys/windows
-# golang.org/x/text v0.9.0
-## explicit; go 1.17
+# golang.org/x/text v0.14.0
+## explicit; go 1.18
golang.org/x/text/encoding
golang.org/x/text/encoding/charmap
golang.org/x/text/encoding/htmlindex