This is a jwt for Gin framework.

Last update: Jan 9, 2022

Related tags

Authentication & OAuth wjwt

Overview

JWT for Gin Framework

This is a jwt useful for Gin framework.

It uses jwt-go to provide a jwt encode and decode token.

Usage

go get github.com/wyy-go/wjwt

Import it in your code:

import "github.com/wyy-go/wjwt"

Example

Please see the example file.

package main

import (
	"log"
	"math/rand"
	"net/http"
	"strings"
	"time"

	"github.com/gin-gonic/gin"

	"github.com/wyy-go/wjwt"
)

type login struct {
	Username string `form:"username" json:"username" binding:"required"`
	Password string `form:"password" json:"password" binding:"required"`
}

func main() {
	// jwt auth
	auth, err := wjwt.New(wjwt.Config{
		SignConfig: wjwt.SignConfig{
			Key:        []byte("secret key"),
			Timeout:    30 * time.Second,
			MaxRefresh: 30 * time.Second,
		},

		// Lookup is a string in the form of "<source>:<name>" that is used
		// to extract token from the request.
		// Optional. Default value "header:Authorization".
		// Possible values:
		// - "header:<name>"
		// - "query:<name>"
		// - "cookie:<name>"
		// - "param:<name>"
		TokenLookup: "header: Authorization, query: token, cookie: jwt",
		// Lookup: "query:token",
		// Lookup: "cookie:token",

		// TokenHeaderName is a string in the header. Possible value is "Bearer"
		TokenHeaderName: "Bearer",
	})
	if err != nil {
		log.Fatal("JWT Error:" + err.Error())
	}

	service := &Service{auth}

	r := gin.New()
	r.Use(gin.Logger())
	r.Use(gin.Recovery())
	r.Use(service.CheckAuth("/login"))
	{
		r.POST("/login", service.Login)
		r.GET("/hello", helloHandler)
	}
	if err = http.ListenAndServe(":8080", r); err != nil {
		log.Fatal(err)
	}
}

type Service struct {
	auth *wjwt.Auth
}

func (sf *Service) Login(c *gin.Context) {
	var req login
	if err := c.ShouldBind(&req); err != nil {
		c.JSON(http.StatusBadRequest, nil)
		return
	}
	username := req.Username
	password := req.Password

	if (username == "admin" && password == "admin") ||
		(username == "test" && password == "test") {
		uid := rand.Int63()
		t, expire, err := sf.auth.Encode(&wjwt.Account{Uid: uid, Username: "admin"})
		if err != nil {
			c.JSON(http.StatusBadRequest, gin.H{"msg": err.Error()})
			return
		}
		log.Printf("uid: %d, token: %s", uid, t)
		c.JSON(http.StatusOK, gin.H{"token": t, "expire": expire})
		return
	}
	c.JSON(http.StatusBadRequest, gin.H{"msg": "账号或密码错"})
}

func checkPrefix(s string, prefixes ...string) bool {
	for _, p := range prefixes {
		if strings.HasPrefix(s, p) {
			return true
		}
	}
	return false
}

func (sf *Service) CheckAuth(excludePrefixes ...string) gin.HandlerFunc {
	return func(c *gin.Context) {
		if !checkPrefix(c.Request.URL.Path, excludePrefixes...) {
			tk, err := sf.auth.GetToken(c)
			if err != nil {
				c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": err.Error()})
				return
			}
			account, err := sf.auth.Decode(tk)
			if err != nil {
				c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": err.Error()})
				return
			}

			//sf.auth.SetAccount(c, account)
			wjwt.SetAccount(c, account)
		}
		c.Next()
	}
}

func helloHandler(c *gin.Context) {
	account := wjwt.FromAccount(c)
	c.JSON(http.StatusOK, gin.H{
		"uid":      account.Uid,
		"username": account.Username,
		"text":     "Hello World.",
	})
}

Issues

Bump golangci/golangci-lint-action from 2 to 3
Bumps golangci/golangci-lint-action from 2 to 3.

Release notes

Sourced from golangci/golangci-lint-action's releases.

v3.0.0

What's Changed

Fix grammar in action.yml by @abennett in golangci/golangci-lint-action#356

Add description for permissions settings by @sg0hsmt in golangci/golangci-lint-action#298

Remove Setup-Go by @StevenACoffman in golangci/golangci-lint-action#403

Update all direct dependencies by @SVilgelm in golangci/golangci-lint-action#404

139 Dependabot updates

New Contributors

@abennett made their first contribution in golangci/golangci-lint-action#356

@sg0hsmt made their first contribution in golangci/golangci-lint-action#298

@StevenACoffman made their first contribution in golangci/golangci-lint-action#403

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v2...v3.0.0

Bump version v2.5.2

Bug fixes

5c56cd6 Extract and don't mangle User Args. (#200)

Dependencies

e3c53fe bump @typescript-eslint/eslint-plugin (#194)

3b9f80e bump @typescript-eslint/parser from 4.18.0 to 4.19.0 (#195)

9845713 bump @types/node from 14.14.35 to 14.14.37 (#197)

e789ee1 bump eslint from 7.22.0 to 7.23.0 (#196)

f2e9a96 bump @typescript-eslint/eslint-plugin (#188)

818081a bump @types/node from 14.14.34 to 14.14.35 (#189)

6671836 bump @typescript-eslint/parser from 4.17.0 to 4.18.0 (#190)

526907e bump @typescript-eslint/parser from 4.16.1 to 4.17.0 (#185)

6b6ba16 bump @typescript-eslint/eslint-plugin (#186)

9cab4ef bump eslint from 7.21.0 to 7.22.0 (#187)

0c76572 bump @types/node from 14.14.32 to 14.14.34 (#184)

0dfde21 bump @typescript-eslint/parser from 4.15.2 to 4.16.1 (#182)

9dcf389 bump typescript from 4.2.2 to 4.2.3 (#181)

34d3904 bump @types/node from 14.14.31 to 14.14.32 (#180)

e30b22f bump @typescript-eslint/eslint-plugin (#179)

8f30d25 bump eslint from 7.20.0 to 7.21.0 (#177)

0b64a40 bump @typescript-eslint/parser from 4.15.1 to 4.15.2 (#176)

973b3a3 bump eslint-config-prettier from 8.0.0 to 8.1.0 (#178)

6ea3de1 bump @typescript-eslint/eslint-plugin (#175)

6eec6af bump typescript from 4.1.5 to 4.2.2 (#174)

v2.5.1

Bug fixes:

d9f0e73 Check that go.mod exists in reading the version (#173)

v2.5.0

New Features:

51485a4 Try to get version from go.mod file (#118)

... (truncated)

Commits

c675eb7 Update all direct dependencies (#404)

423fbaf Remove Setup-Go (#403)

bcfc6f9 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.25.4 (#402)

d34ac2a build(deps): bump setup-go from v2.1.4 to v2.2.0 (#401)

e4b538e build(deps-dev): bump @types/node from 16.11.10 to 17.0.19 (#400)

a288c0d build(deps): bump @actions/cache from 1.0.8 to 1.0.9 (#399)

b7a34f8 build(deps): bump @types/tmp from 0.2.2 to 0.2.3 (#398)

129bcf9 build(deps-dev): bump @types/uuid from 8.3.3 to 8.3.4 (#397)

153576c build(deps-dev): bump eslint-config-prettier from 8.3.0 to 8.4.0 (#396)

a9a9dff build(deps): bump ansi-regex from 5.0.0 to 5.0.1 (#395)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 2
Bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.3.0
Bumps github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.3.0.

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.3.0

What's Changed

Support errors.Is for token extractors by @stefantds in golang-jwt/jwt#141

Implementing Is(err) bool to support Go 1.13 style error checking by @oxisto in golang-jwt/jwt#136

remove unnecessary for loop in token signing string for readability by @hyeonjae in golang-jwt/jwt#34

updated README.md to contain more extensions by @matelang in golang-jwt/jwt#155

Add JWT logo attribution by @mfridman in golang-jwt/jwt#161

fix: fixed typo detect by cSpell by @giautm in golang-jwt/jwt#164

Set json encoding precision by @mfridman in golang-jwt/jwt#162

New Contributors

@stefantds made their first contribution in golang-jwt/jwt#141

@hyeonjae made their first contribution in golang-jwt/jwt#34

@matelang made their first contribution in golang-jwt/jwt#155

@giautm made their first contribution in golang-jwt/jwt#164

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.2.0...v4.3.0

v4.2.0

Fix the comment of VerifyExpiresAt (#109) @shogo82148

Introducing functional-style options for the Parser type (#108) @oxisto

Improve code comments, including security consideration (#107) @sebastien-rosset

Fix int64 overflow in newNumericDateFromSeconds (#112) @PiotrKozimor

Fixes jwt command to support EdDSA algorithm (#118) @AlexanderYastrebov

Revert Encoding/Decoding changes for better compatibility (#117) @ajermaky

Allow none algorithm in jwt command (#121) @AlexanderYastrebov

Unwrap for ValidationError (#125) @kdeberk

cmd: list supported algorithms (-alg flag) (#123) @AlexanderYastrebov

Added VerifyIssuer method to RegisteredClaims (#130) @tfonfara

Commits

279dd19 Set json encoding precision (#162)

863d23d fix: fixed typo detect by cSpell (#164)

2387103 Add JWT logo image attribution (#161)

d0c0939 updated README.md to contain more extensions (#155)

e01ed05 remove unnecessary for loop in token signing string for readability (#34)

78a18c0 Implementing Is(err) bool to support Go 1.13 style error checking (#136)

0fb40d3 use errors.Is for extractor errors (#141)

c435f38 #129: Added VerifyIssuer method to RegisteredClaims (#130)

a725c1f cmd: list supported algorithms (-alg flag) (#123)

823c014 Unwrap for ValidationError (#125)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies go
opened by dependabot[bot] 2
Bump actions/cache from 2 to 3
Bumps actions/cache from 2 to 3.

Release notes

Sourced from actions/cache's releases.

v3.0.0

This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.

Few dependencies and cache action usage examples have also been updated.

v2.1.7

Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

v2.1.6

Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (actions/cache#596)

v2.1.5

Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (actions/cache#527)

v2.1.4

Make caching more verbose #650

Use GNU tar on macOS if available #701

v2.1.3

Upgrades @actions/core to v1.2.6 for CVE-2020-15228. This action was not using the affected methods.

Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

v2.1.2

Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds

No-op when executing on GHES

v2.1.1

Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

v2.1.0

Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently

Display download progress and speed

Commits

4b0cf6c Merge pull request #769 from actions/users/ashwinsangem/bump_major_version

60c606a Update licensed files

b6e9a91 Revert "Updated to the latest version."

c842503 Updated to the latest version.

2b7da2a Bumped up to a major version.

deae296 Merge pull request #651 from magnetikonline/fix-golang-windows-example

c7c46bc Merge pull request #707 from duxtland/main

6535c5f Regenerated examples.md TOC

3fdafa4 Update GitHub Actions status badge markdown in README.md

341e6d7 Merge branch 'actions:main' into fix-golang-windows-example

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 1
Bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.4.0
Bumps github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.4.0.

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.4.0

What's Changed

fix: expired token error message by @ydylla in golang-jwt/jwt#165

feat: port clockskew support by @ksegun in golang-jwt/jwt#139

New Contributors

@ydylla made their first contribution in golang-jwt/jwt#165

@ksegun made their first contribution in golang-jwt/jwt#139

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.3.0...v4.4.0

v4.3.0

What's Changed

Support errors.Is for token extractors by @stefantds in golang-jwt/jwt#141

Implementing Is(err) bool to support Go 1.13 style error checking by @oxisto in golang-jwt/jwt#136

remove unnecessary for loop in token signing string for readability by @hyeonjae in golang-jwt/jwt#34

updated README.md to contain more extensions by @matelang in golang-jwt/jwt#155

Add JWT logo attribution by @mfridman in golang-jwt/jwt#161

fix: fixed typo detect by cSpell by @giautm in golang-jwt/jwt#164

Set json encoding precision by @mfridman in golang-jwt/jwt#162

New Contributors

@stefantds made their first contribution in golang-jwt/jwt#141

@hyeonjae made their first contribution in golang-jwt/jwt#34

@matelang made their first contribution in golang-jwt/jwt#155

@giautm made their first contribution in golang-jwt/jwt#164

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.2.0...v4.3.0

v4.2.0

Fix the comment of VerifyExpiresAt (#109) @shogo82148

Introducing functional-style options for the Parser type (#108) @oxisto

Improve code comments, including security consideration (#107) @sebastien-rosset

Fix int64 overflow in newNumericDateFromSeconds (#112) @PiotrKozimor

Fixes jwt command to support EdDSA algorithm (#118) @AlexanderYastrebov

Revert Encoding/Decoding changes for better compatibility (#117) @ajermaky

Allow none algorithm in jwt command (#121) @AlexanderYastrebov

Unwrap for ValidationError (#125) @kdeberk

cmd: list supported algorithms (-alg flag) (#123) @AlexanderYastrebov

Added VerifyIssuer method to RegisteredClaims (#130) @tfonfara

Commits

d489c99 feat: port clockskew support (#139)

6de17d3 fix: expired token error message (#165)

279dd19 Set json encoding precision (#162)

863d23d fix: fixed typo detect by cSpell (#164)

2387103 Add JWT logo image attribution (#161)

d0c0939 updated README.md to contain more extensions (#155)

e01ed05 remove unnecessary for loop in token signing string for readability (#34)

78a18c0 Implementing Is(err) bool to support Go 1.13 style error checking (#136)

0fb40d3 use errors.Is for extractor errors (#141)

c435f38 #129: Added VerifyIssuer method to RegisteredClaims (#130)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies go
opened by dependabot[bot] 1
Bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0
Bumps github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0.

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.2.0

Fix the comment of VerifyExpiresAt (#109) @shogo82148

Introducing functional-style options for the Parser type (#108) @oxisto

Improve code comments, including security consideration (#107) @sebastien-rosset

Fix int64 overflow in newNumericDateFromSeconds (#112) @PiotrKozimor

Fixes jwt command to support EdDSA algorithm (#118) @AlexanderYastrebov

Revert Encoding/Decoding changes for better compatibility (#117) @ajermaky

Allow none algorithm in jwt command (#121) @AlexanderYastrebov

Unwrap for ValidationError (#125) @kdeberk

cmd: list supported algorithms (-alg flag) (#123) @AlexanderYastrebov

Added VerifyIssuer method to RegisteredClaims (#130) @tfonfara

Commits

c435f38 #129: Added VerifyIssuer method to RegisteredClaims (#130)

a725c1f cmd: list supported algorithms (-alg flag) (#123)

823c014 Unwrap for ValidationError (#125)

1275a5b Allow none algorithm in jwt command (#121)

f4865cd Revert Encoding/Decoding changes for better compatibility (#117)

9c3665f Fixes jwt command to support EdDSA algorithm (#118)

a2aa655 Fix int64 overflow in newNumericDateFromSeconds (#112)

c0ffb89 Improve code comments, including security consideration (#107)

65357b9 Introducing functional-style options for the Parser type (#108)

cac353c fix the comment of VerifyExpiresAt (#109)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies go
opened by dependabot[bot] 1
Bump actions/setup-go from 2 to 3
Bumps actions/setup-go from 2 to 3.

Release notes

Sourced from actions/setup-go's releases.

v3.0.0

What's Changed

Update default runtime to node16 (actions/setup-go#192)

Update package-lock.json file version to 2 (actions/setup-go#193) and @types/node to 16.11.25 (actions/setup-go#194)

Remove the stable input and fix SemVer notation (actions/setup-go#195)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

This new major release removes the stable input, so there is no need to specify additional input to use pre-release versions. This release also corrects the pre-release versions syntax to satisfy the SemVer notation (1.18.0-beta1 -> 1.18.0-beta.1, 1.18.0-rc1 -> 1.18.0-rc.1).

steps: - uses: actions/[email protected] - uses: actions/[email protected] with: go-version: '1.18.0-rc.1' - run: go version

Add check-latest input

In scope of this release we add the check-latest input. If check-latest is set to true, the action first checks if the cached version is the latest one. If the locally cached version is not the most up-to-date, a Go version will then be downloaded from go-versions repository. By default check-latest is set to false. Example of usage:

steps: - uses: actions/[email protected] - uses: actions/[email protected] with: go-version: '1.16' check-latest: true - run: go version

Moreover, we updated @actions/core from 1.2.6 to 1.6.0

v2.1.5

In scope of this release we updated matchers.json to improve the problem matcher pattern. For more information please refer to this pull request

v2.1.4

What's Changed

Fix extractor selection on windows by @paulcacheux in actions/setup-go#141

New Contributors

@paulcacheux made their first contribution in actions/setup-go#141

Full Changelog: https://github.com/actions/setup-go/compare/v2.1.3...v2.1.4

v2.1.3

Updated communication with runner to use environment files rather then workflow commands

v2.1.2

This release includes vendored licenses for this action's npm dependencies.

... (truncated)

Commits

f6164bd Remove stable input and fix SemVer notation (#195)

2bb2aab update types node (#194)

edcbc0c update lockfileVersion (#193)

fb9a043 Update default runtime to node16 (#192)

5b0ae0e Bump pathval from 1.1.0 to 1.1.1 (#188)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 1
Bump codecov/codecov-action from 2 to 3
Bumps codecov/codecov-action from 2 to 3.

Release notes

Sourced from codecov/codecov-action's releases.

v3.0.0

Breaking Changes

#689 Bump to node16 and small fixes

Features

#688 Incorporate gcov arguments for the Codecov uploader

Dependencies

#548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0

#603 [Snyk] Upgrade @actions/core from 1.5.0 to 1.6.0

#628 build(deps): bump node-fetch from 2.6.1 to 3.1.1

#634 build(deps): bump node-fetch from 3.1.1 to 3.2.0

#636 build(deps): bump openpgp from 5.0.1 to 5.1.0

#652 build(deps-dev): bump @vercel/ncc from 0.30.0 to 0.33.3

#653 build(deps-dev): bump @types/node from 16.11.21 to 17.0.18

#659 build(deps-dev): bump @types/jest from 27.4.0 to 27.4.1

#667 build(deps): bump actions/checkout from 2 to 3

#673 build(deps): bump node-fetch from 3.2.0 to 3.2.3

#683 build(deps): bump minimist from 1.2.5 to 1.2.6

#685 build(deps): bump @actions/github from 5.0.0 to 5.0.1

#681 build(deps-dev): bump @types/node from 17.0.18 to 17.0.23

#682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3

#676 build(deps): bump @actions/exec from 1.1.0 to 1.1.1

#675 build(deps): bump openpgp from 5.1.0 to 5.2.1

v2.1.0

2.1.0

Features

#515 Allow specifying version of Codecov uploader

Dependencies

#499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0

#508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0

#514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0

v2.0.3

2.0.3

Fixes

#464 Fix wrong link in the readme

#485 fix: Add override OS and linux default to platform

Dependencies

#447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5

#458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0

#465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1

#466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1

#468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0

#470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0

#472 build(deps): bump path-parse from 1.0.6 to 1.0.7

#473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

3.0.0

Breaking Changes

#689 Bump to node16 and small fixes

Features

#688 Incorporate gcov arguments for the Codecov uploader

Dependencies

#548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0

#603 [Snyk] Upgrade @actions/core from 1.5.0 to 1.6.0

#628 build(deps): bump node-fetch from 2.6.1 to 3.1.1

#634 build(deps): bump node-fetch from 3.1.1 to 3.2.0

#636 build(deps): bump openpgp from 5.0.1 to 5.1.0

#652 build(deps-dev): bump @vercel/ncc from 0.30.0 to 0.33.3

#653 build(deps-dev): bump @types/node from 16.11.21 to 17.0.18

#659 build(deps-dev): bump @types/jest from 27.4.0 to 27.4.1

#667 build(deps): bump actions/checkout from 2 to 3

#673 build(deps): bump node-fetch from 3.2.0 to 3.2.3

#683 build(deps): bump minimist from 1.2.5 to 1.2.6

#685 build(deps): bump @actions/github from 5.0.0 to 5.0.1

#681 build(deps-dev): bump @types/node from 17.0.18 to 17.0.23

#682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3

#676 build(deps): bump @actions/exec from 1.1.0 to 1.1.1

#675 build(deps): bump openpgp from 5.1.0 to 5.2.1

2.1.0

Features

#515 Allow specifying version of Codecov uploader

Dependencies

#499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0

#508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0

#514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0

2.0.3

Fixes

#464 Fix wrong link in the readme

#485 fix: Add override OS and linux default to platform

Dependencies

#447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5

#458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0

#465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1

#466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1

#468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0

#470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0

#472 build(deps): bump path-parse from 1.0.6 to 1.0.7

#473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1

#478 build(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2

#479 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.29.1 to 4.29.2

... (truncated)

Commits

e3c5604 Merge pull request #689 from codecov/feat/gcov

174efc5 Update package-lock.json

6243a75 bump to 3.0.0

0d6466f Bump to node16

d4729ee fetch.default

351baf6 fix: bash

d8cf680 Merge pull request #675 from codecov/dependabot/npm_and_yarn/openpgp-5.2.1

b775e90 Merge pull request #676 from codecov/dependabot/npm_and_yarn/actions/exec-1.1.1

2ebc2f0 Merge pull request #682 from codecov/dependabot/npm_and_yarn/typescript-4.6.3

8e2ef2b Merge pull request #681 from codecov/dependabot/npm_and_yarn/types/node-17.0.23

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 1
Bump actions/cache from 2 to 3.0.1
Bumps actions/cache from 2 to 3.0.1.

Release notes

Sourced from actions/cache's releases.

v3.0.1

Added support for caching from GHES 3.5.

Fixed download issue for files > 2GB during restore.

v3.0.0

This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.

Few dependencies and cache action usage examples have also been updated.

v2.1.7

Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

v2.1.6

Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (actions/cache#596)

v2.1.5

Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (actions/cache#527)

v2.1.4

Make caching more verbose #650

Use GNU tar on macOS if available #701

v2.1.3

Upgrades @actions/core to v1.2.6 for CVE-2020-15228. This action was not using the affected methods.

Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

v2.1.2

Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds

No-op when executing on GHES

v2.1.1

Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

v2.1.0

Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently

Display download progress and speed

Changelog

Sourced from actions/cache's changelog.

3.0.1

Added support for caching from GHES 3.5.

Fixed download issue for files > 2GB during restore.

Commits

136d96b Enabling actions/cache for GHES based on presence of AC service (#774)

7d4f40b Bumping up the version to fix download issue for files > 2 GB. (#775)

2d8d0d1 Updated what's new. (#771)

7799d86 Updated the usage and docs to the major version release. (#770)

4b0cf6c Merge pull request #769 from actions/users/ashwinsangem/bump_major_version

60c606a Update licensed files

b6e9a91 Revert "Updated to the latest version."

c842503 Updated to the latest version.

2b7da2a Bumped up to a major version.

deae296 Merge pull request #651 from magnetikonline/fix-golang-windows-example

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 1
Bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.4.1
Bumps github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.4.1.

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.4.1

What's Changed

Add go1.18 to ci pipeline by @mfridman in golang-jwt/jwt#173

Revert "feat: port clockskew support (#139)" by @mfridman in golang-jwt/jwt#184

Note, this release contains a Go module retraction for a prior release v4.4.0:

retract ( v4.4.0 // Contains a backwards incompatible change to the Claims interface. )

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.4.0...v4.4.1

v4.4.0

What's Changed

fix: expired token error message by @ydylla in golang-jwt/jwt#165

feat: port clockskew support by @ksegun in golang-jwt/jwt#139

New Contributors

@ydylla made their first contribution in golang-jwt/jwt#165

@ksegun made their first contribution in golang-jwt/jwt#139

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.3.0...v4.4.0

v4.3.0

What's Changed

Support errors.Is for token extractors by @stefantds in golang-jwt/jwt#141

Implementing Is(err) bool to support Go 1.13 style error checking by @oxisto in golang-jwt/jwt#136

remove unnecessary for loop in token signing string for readability by @hyeonjae in golang-jwt/jwt#34

updated README.md to contain more extensions by @matelang in golang-jwt/jwt#155

Add JWT logo attribution by @mfridman in golang-jwt/jwt#161

fix: fixed typo detect by cSpell by @giautm in golang-jwt/jwt#164

Set json encoding precision by @mfridman in golang-jwt/jwt#162

New Contributors

@stefantds made their first contribution in golang-jwt/jwt#141

@hyeonjae made their first contribution in golang-jwt/jwt#34

@matelang made their first contribution in golang-jwt/jwt#155

@giautm made their first contribution in golang-jwt/jwt#164

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.2.0...v4.3.0

v4.2.0

Fix the comment of VerifyExpiresAt (#109) @shogo82148

Introducing functional-style options for the Parser type (#108) @oxisto

Improve code comments, including security consideration (#107) @sebastien-rosset

Fix int64 overflow in newNumericDateFromSeconds (#112) @PiotrKozimor

... (truncated)

Commits

0972257 Revert "feat: port clockskew support (#139)" (#184)

1096e50 Add go1.18 to ci pipeline (#173)

d489c99 feat: port clockskew support (#139)

6de17d3 fix: expired token error message (#165)

279dd19 Set json encoding precision (#162)

863d23d fix: fixed typo detect by cSpell (#164)

2387103 Add JWT logo image attribution (#161)

d0c0939 updated README.md to contain more extensions (#155)

e01ed05 remove unnecessary for loop in token signing string for readability (#34)

78a18c0 Implementing Is(err) bool to support Go 1.13 style error checking (#136)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies go
opened by dependabot[bot] 1
Bump github.com/stretchr/testify from 1.7.0 to 1.7.1
Bumps github.com/stretchr/testify from 1.7.0 to 1.7.1.

Commits

083ff1c Fixed didPanic to now detect panic(nil).

1e36bfe Use cross Go version compatible build tag syntax

e798dc2 Add docs on 1.17 build tags

83198c2 assert: guard CanConvert call in backward compatible wrapper

087b655 assert: allow comparing time.Time

7bcf74e fix msgAndArgs forwarding

c29de71 add tests for correct msgAndArgs forwarding

f87e2b2 Update builds

ab6dc32 fix linting errors in /assert package

edff5a0 fix funtion name

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies go
opened by dependabot[bot] 1
Bump actions/checkout from 2 to 3
Bumps actions/checkout from 2 to 3.

Release notes

Sourced from actions/checkout's releases.

v3.0.0

Update default runtime to node16

v2.4.0

Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

v2.3.5

Update dependencies

v2.3.4

Add missing awaits

Swap to Environment Files

v2.3.3

Remove Unneeded commit information from build logs

Add Licensed to verify third party dependencies

v2.3.2

Add Third Party License Information to Dist Files

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output

Changes to support GHES alpha release

Persist core.sshCommand for submodules

Add support ssh

Convert submodule SSH URL to HTTPS, when not using SSH

Add submodule support

Follow proxy settings

Fix ref for pr closed event when a pr is merged

Fix issue checking detached when git less than 2.22

Changelog

Sourced from actions/checkout's changelog.

Changelog

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output

Changes to support GHES alpha release

Persist core.sshCommand for submodules

Add support ssh

Convert submodule SSH URL to HTTPS, when not using SSH

Add submodule support

Follow proxy settings

Fix ref for pr closed event when a pr is merged

Fix issue checking detached when git less than 2.22

v2.0.0

Do not pass cred on command line

Add input persist-credentials

Fallback to REST API to download repo

Commits

a12a394 update readme for v3 (#708)

8f9e05e Update to node 16 (#689)

230611d Change secret name for PAT to not start with GITHUB_ (#623)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 0