honeymoose/jjwt
1
0
Fork 0
mirror of https://github.com/jwtk/jjwt.git synced 2025-02-16 17:54:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
556 Commits 16 Branches 33 Tags
Commit Graph

556 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas M. DuBuisson
19db6e1279
Fix an inefficient keyset iterator (#690) 
Found via infer on Lift, an inefficient keyset iterator is in the form:

```
for key in mapping:
    entry = mapping.find(key)
```

Which is linear-log instead of the more optimal linear solution.
 2022-04-30 15:41:19 -04:00
Thomas M. DuBuisson
e1fb09caa9
Add a Sonatype Lift configuration to ignore uninteresting results (#691) 2022-04-28 12:30:15 -04:00
Les Hazlewood
eb20914fa7
0.11.5 release (#735) 
* Changed README references from 0.11.4 to 0.11.5
* [maven-release-plugin] prepare release 0.11.5
* [maven-release-plugin] prepare for next development iteration
 2022-04-28 12:24:56 -04:00
Les Hazlewood
877960fe04
Added additional guards for JVM CVE-2022-21449 per review, accompanied by corresponding regression tests (#733) 2022-04-28 12:11:36 -04:00
Les Hazlewood
9c0ea0d0eb
Prep for 0.11.4 release (#732) 
- Updated README.md version numbers to reflect the 0.11.4 release
- Added 0.11.4 release/changelog notes to CHANGELOG.md
 2022-04-26 19:16:04 -04:00
Les Hazlewood
a7c1d3c003
Resolves #617 (#731) 2022-04-26 18:19:40 -04:00
Les Hazlewood
f32b350633
3rd party version upgrades where feasible (#730) 2022-04-26 17:17:09 -04:00
Jacob Lin
b35be95bf3
TYPO (#706) 
the resulting
string **NOT is** safe to expose publicly => the resulting
string **is NOT** safe to expose publicly
 2022-04-26 14:42:40 -04:00
Les Hazlewood
39c4301ef0
Update README.md to replace CI build status badge 
Update README.md to replace old Travis build status badge with new/accurate Github Actions CI build status badge
 2022-04-25 22:02:18 -04:00
Les Hazlewood
451c8d44dd
Clean build on all available JDK versions (#729) 
- POM and JavaDoc updates to get a clean (warning free) build, remove duplicates, etc
- Ensured CI uses the release build profile (i.e. 'ossrh') to ensure we can execute all things necessary for a release.  This will not deploy to ossrh however, as we do that manually during a release per https://github.com/jwtk/jjwt/wiki#release-instructions
- Fixing JavaDoc lint errors surfacing on JDK 14
- Enable html5 for JavaDoc on JDK >= 9
- Used version properties and Maven profiles to allow the japicmp-maven-plugin to work with JDK 7 through 18
- Minor CI job name fixes, added additional zulu JDK versions
- Fixed build to run on all JDKs, from 7 to 18 inclusive
 2022-04-25 21:51:28 -04:00
Les Hazlewood
b78473262d
0.11.3 to master (#728) 
Merged 0.11.3 patch release into mainline development branch
 2022-04-23 17:32:28 -04:00
Les Hazlewood
d91881fbac
Create SECURITY.md 2022-04-19 14:28:02 -04:00
Brian Demers
4b3e2c9315 Update Jackson Databind to 2.12.6.1 
Fixes: #716
Fixes: #614
 2022-04-18 13:38:09 -04:00
snyk-bot
20b04372d2 fix: upgrade com.google.code.gson:gson from 2.8.8 to 2.8.9 
Snyk has created this PR to upgrade com.google.code.gson:gson from 2.8.8 to 2.8.9.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.google.code.gson/gson/

See this project in Snyk:
https://app.snyk.io/org/micah.silverman/project/cb87a9f4-731e-4a75-a25d-ca3272fdd00b?utm_source=github&utm_medium=referral&page=upgrade-pr
 2022-02-28 18:05:54 -05:00
snyk-bot
82189f8418 fix: pom.xml to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
 2022-01-31 16:25:40 -05:00
Brian Demers
f6d067950d Cleanup ownership confusion in readme 2021-12-14 14:54:30 -05:00
Brian Demers
9f789bb4c6 Adding legacy java 7 and older Java versions that were in travis.yml 2021-12-14 14:48:04 -05:00
Sean C. Sullivan
aa17d5094e enable GitHub Actions 
https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/
 2021-12-14 14:48:04 -05:00
dependabot[bot]
2fb6d6bb9c Bump bcprov-jdk15on from 1.60 to 1.67 
Bumps [bcprov-jdk15on](https://github.com/bcgit/bc-java) from 1.60 to 1.67.
- [Release notes](https://github.com/bcgit/bc-java/releases)
- [Changelog](https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcprov-jdk15on
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-24 12:36:39 -05:00
Snyk bot
3e6c9e978c
fix: upgrade com.google.code.gson:gson from 2.8.5 to 2.8.8 (#684) 
Snyk has created this PR to upgrade com.google.code.gson:gson from 2.8.5 to 2.8.8.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.google.code.gson/gson/

See this project in Snyk:
https://app.snyk.io/org/dogeared/project/76cafdc8-8c18-4705-9786-9703c2e293c9?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-11 13:13:39 -04:00
Snyk bot
878d836347
fix: upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.10.7 to 2.12.5 (#683) 
Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.10.7 to 2.12.5.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/

See this project in Snyk:
https://app.snyk.io/org/dogeared/project/d56a851a-c55c-475b-bff7-40745a085073?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-11 13:13:16 -04:00
abit19
9dc82f01f0 Fix small typo in README.md 2021-09-25 11:36:27 -04:00
TK-one
6fe3759d64
Fixed Javadoc and comment typos 
Fixes: #294
 2021-07-20 10:51:56 -04:00
Les Hazlewood
ddeb39c557
Update feature_request.md 
Updated asking question section
 2021-07-19 13:48:12 -07:00
Les Hazlewood
30a6c929cf
Update bug_report.md 
Updated asking questions section
 2021-07-19 13:47:27 -07:00
Micah Silverman
9a215fed35
Created config.yml to disallow blank issues 2021-07-19 16:39:53 -04:00
Micah Silverman
e8174df18f Update issue templates 
first pass at issue templates
 2021-07-19 16:26:39 -04:00
Brian Demers
9007ae7c98 Add notes about Jackson version update in release notes: #642 2021-07-09 17:17:13 -04:00
Brian Demers
6b2843bded Fix name of tests in DefaultJwtParserBuilder 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-07-09 17:08:56 -04:00
Brian Demers
04762e4d4e Add and cleanup tests based on review feedback 
* Add tests to verify the DefaultJwtParserBuilder will correctly wrap Deserializer implementations
* Cleanup string handling in JwtDeserializerTest
 2021-07-09 17:08:56 -04:00
Brian Demers
52b2ab13d1 Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-07-09 17:08:56 -04:00
Brian Demers
6c25d67978 Update CHANGELOG with better description of JSON error handling 2021-07-09 17:08:56 -04:00
Brian Demers
8a11a4ed18 Adds handling for common JSON parsing exceptions and wraps them in a JwtException 
Move the parser error handling logic out of DefaultJwtParser into the new JwtDeserializer and wraps them with developer freiendly exceptions
Add check for common JSON parsing exceptions like stack overflow when parsing deeply nested (or malformed) JSON
 2021-07-09 17:08:56 -04:00
minho
d9da0e3e80 update installation using Gradle 2021-07-09 16:48:21 -04:00
minho
861ec66832 Revert "update readme.md: installation in gradle 7+" 
This reverts commit 371577df988d5386577a577e783ec1cd75eee8e7.
 2021-07-09 16:48:21 -04:00
minho
915a3753c4 update readme.md: installation in gradle 7+ 2021-07-09 16:48:21 -04:00
Brian Demers
1118726d04 Update fork of coverall-maven-plugin fork 
NOTE: This fork supports Clover for test coverage
 2021-07-09 13:23:41 -04:00
Tomasz Zarna
a4130dd1ec Remove unused import of java.util.Arrays in RsaSignatureValidator 2021-03-10 10:14:13 -05:00
dependabot[bot]
8ed4ab407e Bump jackson-databind from 2.9.10.5 to 2.9.10.7 
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.5 to 2.9.10.7.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-19 10:11:08 -05:00
Dominik Dorn
894d6f298b
fixed typo (#646) 2021-02-17 10:39:11 -08:00
dependabot[bot]
71ed1b67aa Bump junit from 4.12 to 4.13.1 
Bumps [junit](https://github.com/junit-team/junit4) from 4.12 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.12...r4.13.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-10-13 14:48:06 -04:00
jonfrench
5c5f1b818a
Added "are" to correct grammar (#605) 2020-07-22 19:20:55 -04:00
Chen
d02cee5474
FixTypo (#607) 2020-07-22 19:20:12 -04:00
Brian Demers
901048aeac Removes eager initialization of the CompressionCodecResolver in the JwtParserBuilder 
This removes a potential service loader issue with OSGi runtimes.

Fixes: #578
 2020-07-13 12:56:05 -04:00
Brian Demers
dc120e8c54 Correcting dependabot version bump of Jackson to 2.9.10.5 2020-07-09 16:04:45 -04:00
dependabot[bot]
6f2c0c37aa Bump jackson-databind from 2.9.10.4 to 2.10.0.pr1 
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.4 to 2.10.0.pr1.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-07-09 16:04:45 -04:00
Brian Demers
3aaa70bd18 Updates the Java 7 install location for CI 
The previously used URL is dead, which was preventing other PRs from passing CI
 2020-07-09 15:23:35 -04:00
Les Hazlewood
14b2f19b29 [maven-release-plugin] prepare for next development iteration 2020-06-11 15:50:09 -04:00
Les Hazlewood
274749373f [maven-release-plugin] prepare release 0.11.2 0.11.2 2020-06-11 15:50:00 -04:00
Les Hazlewood
0596bea16a Updating readme dependency references to reflect the 0.11.2 release 2020-06-11 14:24:23 -04:00