@dependabot dependabot bot commented on behalf of github Oct 28, 2025

Bumps the dependencies group with 2 updates in the / directory: github.com/k1LoW/expand and github.com/lestrrat-go/jwx/v3.

Updates github.com/k1LoW/expand from 0.16.2 to 0.16.3

Release notes

Sourced from github.com/k1LoW/expand's releases.

v0.16.3

What's Changed

Other Changes

Full Changelog: k1LoW/expand@v0.16.2...v0.16.3

Changelog

Sourced from github.com/k1LoW/expand's changelog.

v0.16.3 - 2025-10-26

Other Changes

Commits
  • e414535 Merge pull request #78 from k1LoW/tagpr-from-v0.16.2
  • 1647cbf [tagpr] update CHANGELOG.md
  • 0606e09 [tagpr] prepare for the next release
  • 2bb219b Merge pull request #83 from k1LoW/dependabot/github_actions/dependencies-3ffa...
  • d6e0ef2 Merge pull request #82 from k1LoW/dependabot/go_modules/dependencies-7908e96986
  • 669f0c9 chore(deps): bump the dependencies group across 1 directory with 2 updates
  • b620f23 chore(deps): bump github.com/expr-lang/expr in the dependencies group
  • e1b9293 Merge pull request #85 from k1LoW/setup-tagpr-labels
  • 7ac16e9 chore: setup tagpr labels
  • 92aee0a chore: bump up go directive version
  • Additional commits viewable in compare view

Updates github.com/lestrrat-go/jwx/v3 from 3.0.11 to 3.0.12

Release notes

Sourced from github.com/lestrrat-go/jwx/v3's releases.

v3.0.12

What's Changed

New Contributors

Full Changelog: lestrrat-go/jwx@v3.0.11...v3.0.12

Changelog

Sourced from github.com/lestrrat-go/jwx/v3's changelog.

v3.0.12 20 Oct 2025

  • [jwe] As part of the next change, now per-recipient headers that are empty are no longer serialized in flattened JSON serialization.

  • [jwe] Introduce jwe.WithLegacyHeaderMerging(bool) option to control header merging behavior during JWE encryption. This only applies to flattened JSON serialization.

    Previously, when using flattened JSON serialization (i.e. you specified JSON serialization via jwe.WithJSON() and only supplied one key), per-recipient headers were merged into the protected headers during encryption, and then were left to be included in the final serialization as-is. This caused duplicate headers to be present in both the protected headers and the per-recipient headers.

    Since there may be users who rely on this behavior already, instead of changing the default behavior to fix this duplication, a new option to jwe.Encrypt() was added to allow clearing the per-recipient headers after merging to leave the "headers" field empty. This in effect makes the flattened JSON serialization more similar to the compact serialization, where there are no per-recipient headers present, and leaves the headers disjoint.

    Note that in compact mode, there are no per-recipient headers and thus the headers need to be merged regardless. In full JSON serialization, we never merge the headers, so it is left up to the user to keep the headers disjoint.

  • [jws] Calling the deprecated jws.NewSigner() function for the time will cause legacy signers to be loaded automatically. Previously, you had to explicitly call jws.Settings(jws.WithLegacySigners(true)) to enable legacy signers.

    We incorrectly assumed that users would not be using jws.NewSigner(), and thus disabled legacy signers by default. However, it turned out that some users were using jws.NewSigner() in their code, which led to breakages in existing code. In hindsight we should have known that any API made public before will be used by somebody.

    As a side effect, jws.Settings(jws.WithLegacySigners(...)) is now a no-op.

    However, please do note that jws.Signer (and similar) objects were always intended to be used for registering new signing/verifying algorithms, and not for end users to actually use them directly. If you are using them for other purposes, please consider changing your code, as it is more than likely that we will somehow deprecate/remove/discourage their use in the future.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



…dates

Bumps the dependencies group with 2 updates in the / directory: [github.com/k1LoW/expand](https://github.com/k1LoW/expand) and [github.com/lestrrat-go/jwx/v3](https://github.com/lestrrat-go/jwx).


Updates `github.com/k1LoW/expand` from 0.16.2 to 0.16.3
- [Release notes](https://github.com/k1LoW/expand/releases)
- [Changelog](https://github.com/k1LoW/expand/blob/main/CHANGELOG.md)
- [Commits](k1LoW/expand@v0.16.2...v0.16.3)

Updates `github.com/lestrrat-go/jwx/v3` from 3.0.11 to 3.0.12
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/develop/v3/Changes)
- [Commits](lestrrat-go/jwx@v3.0.11...v3.0.12)

---
updated-dependencies:
- dependency-name: github.com/k1LoW/expand
  dependency-version: 0.16.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/lestrrat-go/jwx/v3
  dependency-version: 3.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Oct 28, 2025
@k1LoW k1LoW merged commit 66365c8 into main Oct 28, 2025
7 checks passed
@k1LoW k1LoW deleted the dependabot/go_modules/dependencies-02fe71d936 branch October 28, 2025 12:03
@github-actions github-actions bot mentioned this pull request Oct 28, 2025