Update guardian 2.2.1 → 2.4.0 (minor)

[depfu]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ guardian (2.2.1 → 2.4.0) · Repo · Changelog

Release Notes

2.4.0

What's Changed

• fix: codegen token must use base64url encoding by @yordis in #726
• bump jose dep for security patch by @rossvz in #728
• Update versions from readme and tutorial by @boterop in #730
• Wording in readme by @jwbaldwin in #731
• Broken link in docs by @boterop in #734
• refactor: deprecate use of unless by @johnmcguin in #735
• Add day ttl option in encode_and_sign doc by @bardoor in #736
• Updates repo by @michelboaventura in #738
• Fix VerifyToken compilation under OTP 28 by allowing binary scheme_reg by @ptitmouton in #739

New Contributors

• @rossvz made their first contribution in #728
• @boterop made their first contribution in #730
• @jwbaldwin made their first contribution in #731
• @johnmcguin made their first contribution in #735
• @bardoor made their first contribution in #736
• @michelboaventura made their first contribution in #738
• @ptitmouton made their first contribution in #739

Full Changelog: v2.3.2...v2.4.0

2.3.2

What's Changed

• fix: publishing the changelog to hexdocs by @yordis in #716
• chore: bump elixir version by @yordis in #724
• fix: generating timestamp using os_time instead of system_time by @yordis in #725

Full Changelog: v2.3.1...v2.3.2

2.3.1

What's Changed

• Use erlef/setup-beam and prettify yaml file by @kianmeng in #705
• doc: Clarify session storage behavior on sign_in in README by @KaylaBrady in #714
• Users should be able to change most config values at runtime by @geofflane in #715

New Contributors

• @KaylaBrady made their first contribution in #714

Full Changelog: v2.3.0...v2.3.1

2.3.0

What's Changed

• Fix typos by @mathieuprog in #703
• Fix deprecation warnings based on 1.14-dev. by @crova in #702

New Contributors

• @mathieuprog made their first contribution in #703
• @crova made their first contribution in #702

Full Changelog: v2.2.4...v2.3.0

2.2.4

What's Changed

• chore: fix readme badge by @yordis in #698
• Check float values of time in time_within_drift?/2 by @danglduy in #700

New Contributors

• @danglduy made their first contribution in #700

Full Changelog: v2.2.3...v2.2.4

2.2.3

What's Changed

• Ensure that badly-formatted tokens don't raise an exception by @giddie in #697

Full Changelog: v2.2.2...v2.2.3

2.2.2

What's Changed

• Fix typos by @kianmeng in #687
• Corrects Plug.Verify presentation on pipelines.md by @kimjoaoun in #688
• Fix typo in permission docs by @luhagel in #693
• Fix markdown syntax errors and typos by @heitorlisboa in #695
• Minor docs improvements, mostly around Verify* plugs by @alopezz in #692
• Permit atom keys when verifying claims with EnsureAuthenticated by @giddie in #696

New Contributors

• @kimjoaoun made their first contribution in #688
• @luhagel made their first contribution in #693
• @heitorlisboa made their first contribution in #695
• @alopezz made their first contribution in #692
• @giddie made their first contribution in #696

Full Changelog: v2.2.1...v2.2.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 31 commits:

• chore: fix ci
• chore: versioning
• Fix VerifyToken compilation under OTP 28 by allowing binary scheme_reg (#739)
• Updates repo (#738)
• Add day ttl option in encode_and_sign doc (#736)
• refactor: deprecate use of unless (#735)
• Broken link in docs (#734)
• chore: add stale workflow
• Wording in readme (#731)
• Update versions from readme and tutorial (#730)
• bump jose dep for security patch (#728)
• fix: codegen token must use base64url encoding (#726)
• fix: generating timestamp using os_time instead of system_time (#725)
• chore: bump elixir version (#724)
• fix: publishing the changelog to hexdocs (#716)
• Users should be able to change most config values at runtime (#715)
• doc: Clarify session storage behavior on sign_in in README (#714)
• Use erlef/setup-beam and prettify yaml file (#705)
• Fix deprecation warnings based on 1.14-dev. (#702)
• Fix typos (#703)
• Check float values of `time` in `time_within_drift?/2` (#700)
• chore: fix readme badge (#698)
• Ensure that badly-formatted tokens don't raise an exception (#697)
• Permit atom keys when verifying claims with EnsureAuthenticated (#696)
• Minor docs improvements, mostly around Verify* plugs (#692)
• Fix markdown syntax errors and typos (#695)
• Fix typo in permission docs (#693)
• Corrects Plug.Verify presentation on pipelines.md (#688)
• Fix typos (#687)
• chore: add release workflow
• chore: fix ci

↗️ jose (indirect, 1.11.2 → 1.11.10) · Repo · Changelog

Release Notes

1.11.10

• Fixes
  • Various type spec fixes; see #165 and #166.

1.11.8

• Fixes
  • Removes use of dynamic() type spec so OTP 24 and OTP 25 are still supported for now.

1.11.7

• Security Patches
  • CVE-2023-50966: Add jose:pbes2_count_maximum/0. By default, the maximum iterations are set to 10,000 and it will raise an error if p2c is larger than this value.
• Changes
  • Declare Poison as an optional dependency, thanks to [@lnikkila][https://github.com/lnikkila]; see #144.
  • Ensure jiffy:encode/1 returns a binary, thanks to @ssepml; see #145.
  • Various type spec additions and dialyzer/dialyxir integrations, thanks to @whatyouhide and @maennchen.
  • Doc updates and fixes, thanks to @aymanosman and @adamu; see #158 and #159.

1.11.6

1.11.6 (2023-07-18)

• Fixes
  • Use sha256 instead of sha when validating RSA signing supportability, thanks to @pavledjo; see #142.

1.11.5

• Fixes
  • Remove dependency on parse_transform for jose_base64 and jose_base64url.

1.11.4

• Enhancements
  • Add support for native crypto operations for Ed25519 and Ed448, thanks to @brettbeatty; see #123.
  • Add support for native crypto operations for ChaCha20-Poly1305 and XChaCha20-Poly1305, when available.
  • Add support for libsodium operations for XChaCha20-Poly1305, when available.
  • Add support for thoas JSON encode/decode, thanks to @michaelklishin; see #126.
  • Add support for ES256K which uses the secp256k1 curve and RS1 signatures (see 291dbb8).
  • Add support for ECDH-1PU JOSE.JWK.box_encrypt_ecdh_1pu and ECDH-ES JOSE.JWK.box_encrypt_ecdh_es and document the deprecated JOSE.JWK.box_encrypt.
  • Add support for ECDH-SS JOSE.JWK.box_encrypt_ecdh_ss.
  • Hide kty field when inspecting %JOSE.JWK{} strict, thanks to @spencerdcarlson; see #139
• Fixes
  • Version mismatch causing rebar3 to constantly try to update; see #122.
  • Fix Ed25519 and Ed448 key DER/PEM encode/decode for OTP 25.
  • Fix Ed25519ctx, Ed25519ph, Ed448, and Ed448ph when dealing with contexts so the implementation matches IETF RFC 8032.
  • Drop direct usage of crypto:hmac/4, thanks to @thalesmg; see #136
  • Replace incorrect usage of -include_lib with -include, thanks to @Richiban; see #140
  • Update the CI jobs so they actually run the Elixir tests, thanks to @moogle19; see #137
  • Change the master branch to main.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mime (indirect, 2.0.3 → 2.0.7) · Repo · Changelog

Release Notes

2.0.7 (from changelog)

• Correct support for JP2000

2.0.6 (from changelog)

• Add mimes for ZSTD, APNG, JP2000
• Add known_types/0 to list all known types

2.0.5 (from changelog)

• Allow conflicting extension to be overridden

2.0.4 (from changelog)

• Only returns extensions from known suffixes
• Allow mime types to be fully overridden

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 19 commits:

• Release v2.0.7
• Fix extension name for jp2 (#85)
• Update CI (#86)
• CI housekeeping (#83)
• Remove trailing whitespace
• Release v2.0.6
• Add `application/zstd` (Zstandard) (#82)
• Add MIME type for APNG (#81)
• Add MIME type for jp2000 files (#80)
• Add known_types/0 function that lists all known types (#79)
• Fix broken CI (#78)
• Release v2.0.5
• Allow conflicting extensions to be configured
• Release v2.0.4
• Release v2.0.4
• ALlow suffixes to be customizable
• Only return extensions for known structured syntax suffixes (#76)
• Allow mimes to be fully overridden
• Merge custom extensions without overriding the default ones (#73)

↗️ plug (indirect, 1.13.6 → 1.18.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ plug_crypto (indirect, 1.2.2 → 1.2.5) · Repo · Changelog

Release Notes

1.2.5 (from changelog)

• Allow AAD to be given as iolist

1.2.4 (from changelog)

• Allow AAD to be given as argument on message encryptor

1.2.3 (from changelog)

• Remove warnings on Elixir v1.14

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 17 commits:

• Release v1.2.5
• Release v1.2.5
• Allow iodata in AAD
• Improve tests with custom AAD (#34)
• Release v1.2.4
• Allow custom AAD to be provided to message encryptor (#33)
• Rely more on iodata
• Bump Elixir to test against to 14.2 (#32)
• Bump lint job to latest Elixir/Erlang version (#31)
• Release v1.2.3
• Fix Elixir 1.14 warnings (#30)
• Update ci.yml
• Use `import Bitwise` instead of `use Bitwise` (#29)
• Update plug link (#26)
• Update crypto.ex
• Rename arg for clarity in Plug.Crypto.encrypt/4 (#25)
• Run formatter

↗️ telemetry (indirect, 1.1.0 → 1.3.0) · Repo · Changelog

Release Notes

1.3.0 (from changelog)

Added

• Ability to return extra measurements from telemetry:span/3.

Changed

• Rewrite docs from edoc to OTP 27 -moduledoc/-doc.

  Internal macros ?DOC and ?MODULEDOC are used. They are no-ops prior to OTP 27.

1.2.1 (from changelog)

Fixed

• Fixed a local handler warning log when using telemetry_test. (#124)

1.2.0 (from changelog)

Added

• Added telemetry_test module for testing telemetry events. (#118)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 17 commits:

• Release v1.3.0 (#135)
• Move docs to OTP 27 ex_doc support (#134)
• Update README.md
• Add latest Erlang 26.x to CI, bump rebar3, and GitHub actions (#131)
• Ability to return extra measurements from :telemetry.span (#130)
• Hide telemetry_test:handle_event/4 in the docs (#128)
• Release 1.2.1 (#125)
• replace local function capture in telemetry_test (#124)
• Fix docs generation (#123)
• Release 1.2.0 (#121)
• Fix example in docs (#122)
• Add telemetry_test (#118)
• Update versions on CI (#120)
• Update documentation on telemetry:span/3 (#117)
• Point to new repo (#116)
• Update documentation on telemetry:span/3 (#113)
• Post 1.1.0 updates (#108)

---

👉 No CI detected

You don't seem to have any Continuous Integration service set up!

Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.

This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:

* [Circle CI](https://circleci.com), [Semaphore ](https://semaphoreci.com) and [Github Actions](https://docs.github.com/actions) are all excellent options. * If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github. * If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with `depfu/`.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)