Mats Rydberg
b36ef87507
Bump jackson dependency to latest ( #750 )
...
This is important to get the latest security fixes from jackson.
Users of jjwt-jackson have to exclude and manually upgrade this dependency otherwise.
2022-11-30 16:17:37 -08:00
Les Hazlewood
8318287284
Upgrading Jackson dependency due to CVE-2022-42003 ( #760 )
2022-11-08 12:31:55 -08:00
Brian Demers
a858153518
Adds new convenience module using the old package name ( #629 )
...
* Adds new convenience module, in place of the old io.jsonwebtoken:jjwt module
Some folks are unaware of newer JJWT versions because they are still using the old io.jsonwebtoken:jjwt module. This makes automatic version updates tools "just work" for them
NOTE: This new module is _basically_ an empty jar, that adds `jjwt-api` (compile scope), `jjwt-impl` (runtime scope), and `jjwt-jackson` (runtime scope) transitive dependencies.
* Minor cleanup before changing `all` directory name
* Renamed `all` to `tdjar` (transitive dependency jar)
Co-authored-by: Les Hazlewood <121180+lhazlewood@users.noreply.github.com>
2022-06-11 15:53:17 -07:00
Les Hazlewood
aecf2c146f
Separate code coverage build from standard JDK builds ( #739 )
...
Resolves #738
2022-04-30 16:54:05 -04:00
Thomas M. DuBuisson
19db6e1279
Fix an inefficient keyset iterator ( #690 )
...
Found via infer on Lift, an inefficient keyset iterator is in the form:
```
for key in mapping:
    entry = mapping.find(key)
```
Which is linear-log instead of the more optimal linear solution.
2022-04-30 15:41:19 -04:00
Thomas M. DuBuisson
e1fb09caa9
Add a Sonatype Lift configuration to ignore uninteresting results ( #691 )
2022-04-28 12:30:15 -04:00
Les Hazlewood
eb20914fa7
0.11.5 release ( #735 )
...
* Changed README references from 0.11.4 to 0.11.5
* [maven-release-plugin] prepare release 0.11.5
* [maven-release-plugin] prepare for next development iteration
2022-04-28 12:24:56 -04:00
Les Hazlewood
877960fe04
Added additional guards for JVM CVE-2022-21449 per review, accompanied by corresponding regression tests ( #733 )
2022-04-28 12:11:36 -04:00
Les Hazlewood
9c0ea0d0eb
Prep for 0.11.4 release ( #732 )
...
- Updated README.md version numbers to reflect the 0.11.4 release
- Added 0.11.4 release/changelog notes to CHANGELOG.md
2022-04-26 19:16:04 -04:00
Les Hazlewood
a7c1d3c003
Resolves #617 ( #731 )
2022-04-26 18:19:40 -04:00
Les Hazlewood
f32b350633
3rd party version upgrades where feasible ( #730 )
2022-04-26 17:17:09 -04:00
Jacob Lin
b35be95bf3
TYPO ( #706 )
...
the resulting
string **NOT is** safe to expose publicly => the resulting
string **is NOT** safe to expose publicly
2022-04-26 14:42:40 -04:00
Les Hazlewood
39c4301ef0
Update README.md to replace CI build status badge
...
Update README.md to replace old Travis build status badge with new/accurate Github Actions CI build status badge
2022-04-25 22:02:18 -04:00
Les Hazlewood
451c8d44dd
Clean build on all available JDK versions ( #729 )
...
- POM and JavaDoc updates to get a clean (warning free) build, remove duplicates, etc
- Ensured CI uses the release build profile (i.e. 'ossrh') to ensure we can execute all things necessary for a release. This will not deploy to ossrh however, as we do that manually during a release per https://github.com/jwtk/jjwt/wiki#release-instructions
- Fixing JavaDoc lint errors surfacing on JDK 14
- Enable html5 for JavaDoc on JDK >= 9
- Used version properties and Maven profiles to allow the japicmp-maven-plugin to work with JDK 7 through 18
- Minor CI job name fixes, added additional zulu JDK versions
- Fixed build to run on all JDKs, from 7 to 18 inclusive
2022-04-25 21:51:28 -04:00
Les Hazlewood
b78473262d
0.11.3 to master ( #728 )
...
Merged 0.11.3 patch release into mainline development branch
2022-04-23 17:32:28 -04:00
Les Hazlewood
d91881fbac
Create SECURITY.md
2022-04-19 14:28:02 -04:00
Brian Demers
4b3e2c9315
Update Jackson Databind to 2.12.6.1
...
Fixes : #716
Fixes : #614
2022-04-18 13:38:09 -04:00
snyk-bot
20b04372d2
fix: upgrade com.google.code.gson:gson from 2.8.8 to 2.8.9
...
Snyk has created this PR to upgrade com.google.code.gson:gson from 2.8.8 to 2.8.9.
See this package in Maven Repository:
https://mvnrepository.com/artifact/com.google.code.gson/gson/
See this project in Snyk:
https://app.snyk.io/org/micah.silverman/project/cb87a9f4-731e-4a75-a25d-ca3272fdd00b?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-02-28 18:05:54 -05:00
snyk-bot
82189f8418
fix: pom.xml to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
2022-01-31 16:25:40 -05:00
Brian Demers
f6d067950d
Cleanup ownership confusion in readme
2021-12-14 14:54:30 -05:00
Brian Demers
9f789bb4c6
Adding legacy java 7 and older Java versions that were in travis.yml
2021-12-14 14:48:04 -05:00
Sean C. Sullivan
aa17d5094e
enable GitHub Actions
...
https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/
2021-12-14 14:48:04 -05:00
dependabot[bot]
2fb6d6bb9c
Bump bcprov-jdk15on from 1.60 to 1.67
...
Bumps [bcprov-jdk15on](https://github.com/bcgit/bc-java) from 1.60 to 1.67.
- [Release notes](https://github.com/bcgit/bc-java/releases)
- [Changelog](https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)
---
updated-dependencies:
- dependency-name: org.bouncycastle:bcprov-jdk15on
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-24 12:36:39 -05:00
Snyk bot
3e6c9e978c
fix: upgrade com.google.code.gson:gson from 2.8.5 to 2.8.8 ( #684 )
...
Snyk has created this PR to upgrade com.google.code.gson:gson from 2.8.5 to 2.8.8.
See this package in Maven Repository:
https://mvnrepository.com/artifact/com.google.code.gson/gson/
See this project in Snyk:
https://app.snyk.io/org/dogeared/project/76cafdc8-8c18-4705-9786-9703c2e293c9?utm_source=github&utm_medium=referral&page=upgrade-pr
2021-10-11 13:13:39 -04:00
Snyk bot
878d836347
fix: upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.10.7 to 2.12.5 ( #683 )
...
Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.10.7 to 2.12.5.
See this package in Maven Repository:
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/
See this project in Snyk:
https://app.snyk.io/org/dogeared/project/d56a851a-c55c-475b-bff7-40745a085073?utm_source=github&utm_medium=referral&page=upgrade-pr
2021-10-11 13:13:16 -04:00
abit19
9dc82f01f0
Fix small typo in README.md
2021-09-25 11:36:27 -04:00
TK-one
6fe3759d64
Fixed Javadoc and comment typos
...
Fixes : #294
2021-07-20 10:51:56 -04:00
Les Hazlewood
ddeb39c557
Update feature_request.md
...
Updated asking question section
2021-07-19 13:48:12 -07:00
Les Hazlewood
30a6c929cf
Update bug_report.md
...
Updated asking questions section
2021-07-19 13:47:27 -07:00
Micah Silverman
9a215fed35
Created config.yml to disallow blank issues
2021-07-19 16:39:53 -04:00
Micah Silverman
e8174df18f
Update issue templates
...
first pass at issue templates
2021-07-19 16:26:39 -04:00
Brian Demers
9007ae7c98
Add notes about Jackson version update in release notes: #642
2021-07-09 17:17:13 -04:00
Brian Demers
6b2843bded
Fix name of tests in DefaultJwtParserBuilder
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-07-09 17:08:56 -04:00
Brian Demers
04762e4d4e
Add and cleanup tests based on review feedback
...
* Add tests to verify the DefaultJwtParserBuilder will correctly wrap Deserializer implementations
* Cleanup string handling in JwtDeserializerTest
2021-07-09 17:08:56 -04:00
Brian Demers
52b2ab13d1
Apply suggestions from code review
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-07-09 17:08:56 -04:00
Brian Demers
6c25d67978
Update CHANGELOG with better description of JSON error handling
2021-07-09 17:08:56 -04:00
Brian Demers
8a11a4ed18
Adds handling for common JSON parsing exceptions and wraps them in a `JwtException`
...
Move the parser error handling logic out of DefaultJwtParser into the new JwtDeserializer and wraps them with developer friendly exceptions
Add check for common JSON parsing exceptions like stack overflow when parsing deeply nested (or malformed) JSON
2021-07-09 17:08:56 -04:00
minho
d9da0e3e80
update installation using Gradle
2021-07-09 16:48:21 -04:00
minho
861ec66832
Revert "update readme.md: installation in gradle 7+"
...
This reverts commit 371577df98.
2021-07-09 16:48:21 -04:00
minho
915a3753c4
update readme.md: installation in gradle 7+
2021-07-09 16:48:21 -04:00
Brian Demers
1118726d04
Update fork of coverall-maven-plugin fork
...
NOTE: This fork supports Clover for test coverage
2021-07-09 13:23:41 -04:00
Tomasz Zarna
a4130dd1ec
Remove unused import of java.util.Arrays in RsaSignatureValidator
2021-03-10 10:14:13 -05:00
dependabot[bot]
8ed4ab407e
Bump jackson-databind from 2.9.10.5 to 2.9.10.7
...
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.5 to 2.9.10.7.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-19 10:11:08 -05:00
Dominik Dorn
894d6f298b
fixed typo ( #646 )
2021-02-17 10:39:11 -08:00
dependabot[bot]
71ed1b67aa
Bump junit from 4.12 to 4.13.1
...
Bumps [junit](https://github.com/junit-team/junit4) from 4.12 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.12...r4.13.1)
Signed-off-by: dependabot[bot] <support@github.com>
2020-10-13 14:48:06 -04:00
jonfrench
5c5f1b818a
Added "are" to correct grammar ( #605 )
2020-07-22 19:20:55 -04:00
Chen
d02cee5474
FixTypo ( #607 )
2020-07-22 19:20:12 -04:00
Brian Demers
901048aeac
Removes eager initialization of the CompressionCodecResolver in the JwtParserBuilder
...
This removes a potential service loader issue with OSGi runtimes.
Fixes : #578
2020-07-13 12:56:05 -04:00
Brian Demers
dc120e8c54
Correcting dependabot version bump of Jackson to 2.9.10.5
2020-07-09 16:04:45 -04:00
dependabot[bot]
6f2c0c37aa
Bump jackson-databind from 2.9.10.4 to 2.10.0.pr1
...
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.10.4 to 2.10.0.pr1.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Signed-off-by: dependabot[bot] <support@github.com>
2020-07-09 16:04:45 -04:00