Bump json-jwt from 1.16.3 to 1.16.6 #3012
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Otherwise this causes existing unit tests to fail when the call to the Kubernetes API is added to status validation.
This check ensures the access token may be used with the Kubernetes API and does return a 401 Unauthorized response when it's used.
…cess-token CNJR-3063: Kubernetes service account token validation
In this scenario, the k8s API returns 403 Forbidden on the `apis/` endpoint. When this occurs, we present a message that the most likely cause is missing the 'system:discovery' role binding on the service account.
…i-discovery CNJR-3064: Kubernetes Authn Status - Validate API discovery permissions
…olicy CNJR-2495: Update ca-cert usage for OIDC dev/ci environments
…st-CNJR-1428 Skip flaky test in http proxy
Previously we handle some specific cases of "record not found" foreign key constraint violations. This approach is more general
…eign-key Handle record not found foreign key constraint violations
CNJR-2516: Integration tests for proxy support in OIDC authenticator
Will expire next on Jan 7 2034
CNJR-3584: Refresh self-signed certs used in AuthnJWT Cucumber tests
Previously we were accessing the Role Credentials object directly. However, ChangePassword was not doing this safely in the case the Credentials had not yet been created. This resulted in an error: ``` error: failed to set password and rotate API key: undefined method `password=' for nil:NilClass ```
…-reset-rebased Cnjr 2751 user password reset rebased
Add conjur witchers to approvers for the *.md files also
CNJR-2876: Update CODEOWNERS
…rm64 CNJR-3427: Prepare packages for arm64
…for-multiarch CNJR-2806: Fix bill of materials for multi-arch images
CNJR-2702 Update conjur-cli to go version
CNJR-0000: Fix build warnings
CNJR-5196 update REXML to mitigate CVE-2024-49761
As part of the push to GA, I'm removing this work from the initial effort to allow us to treat much of this functionality as individual efforts that are part of our planning process.
This commit introduces a context object to resources related to Policy Factories. This context object is intended to provide role & IP address to the lower parts of the implementation to support audit.
This commit adds support for the lower level (role/variable/policy) audit events which occur during Policy Factory creation and usage. We'll be adding Policy Factory specific events in a future effort.
…tory-audit-v2 Adds Audit Events for Factory-created Roles/Resources
CNJR-6107: Implement Raw Diff Mapper
CNJR-6999 Policy Dry Run Create
- The DTOs we created for the new Conjur Primitives include a required validation `policy_id` that prevented the admin role or root resources from being turned into a DTO (due to being nil) - That validation rule has been removed
- Ruby is "pass by object reference" which results in the potential for nested objects to be passed by reference - This causes unexpected behavior where changes done to a created/updated/deleted record might appear in multiple places during the mapping process
- Includes the original state of resources-to-be-updated, as well as the final state after the proposed changes have been applied to it - Lint existing controller tests - Add business logic to produce final diff; this is required to ensure changes to ownership are captured in the diff without returning duplicates across the diff results - Update loader tests to use mock the policy_diff class. This class now includes business logic that these tests don't care about, so they've been mocked out
CNJR-6109 Add update results to dryrun REST API Response
CNJR-6108 Add delete items to policy dryrun REST API response
Temporarily disable security scans
…CNJR-7203 Revert "Temporarily disable security scans"
Co-authored-by: Ghea Chaw <[email protected]>
CNJR-0000: Update VSCode debugging instructions
Bumps [json-jwt](https://github.com/nov/json-jwt) from 1.16.3 to 1.16.6. - [Release notes](https://github.com/nov/json-jwt/releases) - [Changelog](https://github.com/nov/json-jwt/blob/main/CHANGELOG.md) - [Commits](nov/json-jwt@v1.16.3...v1.16.6) --- updated-dependencies: - dependency-name: json-jwt dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps json-jwt from 1.16.3 to 1.16.6.
Release notes
Sourced from json-jwt's releases.
Commits
fcc22b0v1.16.69c4d842reject blank JWE87cb8c8v1.16.50c2c1a0add base64 gem as dependency6391631unify coding style0d5a266v1.16.4676bcderun CI on ruby 3.3Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.