Bump firebase/php-jwt from 5.2.1 to 6.2.0 in /php/jwt

[dependabot]

Bumps firebase/php-jwt from 5.2.1 to 6.2.0.

Release notes

Sourced from firebase/php-jwt's releases.

v6.2.0

Features

• add cached keyset (#397)

v6.1.2

Bug Fix

• revert the flag to json_decode to force object (firebase/php-jwt#420)

Note: This fixes the PHP Fatal error the previous version tried to fix, but does so in a safer way.

v6.1.1

Bug Fixes

Add flag to json_decode to force object (#416)

Note: This technically breaks backwards compatibility, but it fixes a PHP Fatal error in the current release on JWT::decode which also broke backwards compatibility, so we hope it's justified 🤞

v6.1.0

Note: There should be no issues with backwards compatibility unless types were being used incorrectly

• This version is compatible with PHP >= 7.1
• Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
• Add parameter typing and return types
• Better PHPDoc / IDE support

v6.0.0

Note: This version is compatible with PHP >= 5.3

Backwards Compatibility Breaking Changes

• The second argument of JWT::decode now must be Firebase\JWT\Key or array<string, Firebase\JWT\Key> (see #376)
• The return type of Firebase\JWT\JWK::parseKey is now Firebase\JWT\Key (see #392)
• The return type of Firebase\JWT\JWK::parseKeySet is now array<string, Firebase\JWT\Key> (see #376)
• The "alg" parameter is required to be set for all JWKS parsed using Firebase\JWT\JWK::parseKeySet (see #376)
• The flag JSON_UNESCAPED_SLASHES is now used for JSON decoding (see #376)
• Constants ASN1_INTEGER, ASN1_SEQUENCE, and ASN1_BIT_STRING have been removed (see #376)
• JWT::encode requires third argument $alg (see #376)

Using Firebase\JWT\Key

Using the Key object in JWT::decode

As a security fix, to avoid key type confusion (see #351), use of Firebase\JWT\Key is now required when decoding:

use Firebase\JWT\JWT;
// previous (v5.5.1 and below)
$decoded = JWT::decode($jwt, $publicKey, 'RS256');
</tr></table>

... (truncated)

Commits

• d28e6df feat: add defaultAlg param (#426)
• 2308363 feat: add cached keyset (#397)
• 6a6025b chore: add cs config, fix git-attributes, removed unused entrypoint.sh (#424)
• 0ac5041 chore: styles for short array and single quotes (#423)
• c297139 fix: revert add flag to force object (#420)
• e67638d fix: add flag to force object (#416)
• a57a898 chore: add missing docblock param for $alg (#419)
• fbb2967 chore: update CHANGELOG for v6.1.0
• 5bbc90c chore: add back timestamp var for compatibility (#412)
• 52943f5 feat: add back compatibility for >= PHP 7.1 (#405)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #11.