json-jwt 1.16.7 → 1.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff9257afeb38d25d140c0c79a61a2cab02988de75c22fc28287d2e5ffb31e56c
-  data.tar.gz: 991d63f84efdd78c07285f1af5b7e9e4eb4d676c4183da5c838a036789598a26
+  metadata.gz: a5e686d5323ee2afed6b3d1833cd119c22ba05c3a2710f1941609401eec29681
+  data.tar.gz: cbdc73267f4afb245c8f0b155557201734f4a8a73fb91ca92b9754db461926c7
 SHA512:
-  metadata.gz: 7768f064e72788a1dfd20e79790bd8d8ca73b8909fd48425a57e1aead11df1c93bf71d91bb72060fedb08bc6e082a77785fe7aa55138bbefc5ec8b003c36b81f
-  data.tar.gz: ea64d0752787f2ea267c7afe3917af9a81899263c6328617cc6233a80ab15b8e36759990e7cd0583f1ffb8e7b2f66629dfa8498e849ebcd4314c3f299049b4d7
+  metadata.gz: cef8be34c81199d13566f451ed487f5e002502918bb478f7589ae69a0409ae0eeef1a566666ef26e175c57d891541addd3101f34d8522bd3ea965178654425f5
+  data.tar.gz: d0e7d0764084f8a1e6f4a632c039b4661a2530409d817bf7dc9e42672041b30fa7cfdecf046034ec94c33d2cb145ecae94c06a97b87baeefd6e76983d29659a1

data/.github/workflows/spec.yml

@@ -11,21 +11,20 @@ permissions:
 
 jobs:
   spec:
+    runs-on: ubuntu-latest
+    name: Ruby ${{ matrix.ruby }}
     strategy:
       matrix:
-        os: ['ubuntu-20.04', 'ubuntu-22.04']
-        ruby-version: ['3.1', '3.2', '3.3']
-        include:
-        - os: 'ubuntu-20.04'
-          ruby-version: '3.0'
-    runs-on: ${{ matrix.os }}
-
+        ruby:
+          - '3.2'
+          - '3.3'
+          - '3.4'
     steps:
     - uses: actions/checkout@v3
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: ${{ matrix.ruby-version }}
+        ruby-version: ${{ matrix.ruby }}
         bundler-cache: true
     - name: Run Specs
       run: bundle exec rake spec

data/VERSION

@@ -1 +1 @@
-1.16.7
+1.17.0

data/lib/json/jwk/set/fetcher.rb

@@ -2,6 +2,8 @@ module JSON
   class JWK
     class Set
       module Fetcher
+        class UnexpectedFormat < JWT::Exception; end
+
         class Cache
           def fetch(cache_key, options = {})
             yield
@@ -65,13 +67,18 @@ module JSON
             kid
           ].collect(&:to_s).join(':')
 
-          jwks = Set.new(
-            JSON.parse(
-              cache.fetch(cache_key, options) do
-                http_client.get(jwks_uri).body
-              end
-            )
+          parsed_jwks = JSON.parse(
+            cache.fetch(cache_key, options) do
+              http_client.get(jwks_uri).body
+            end
           )
+
+          unless parsed_jwks.is_a?(Hash) && parsed_jwks['keys'].is_a?(Array)
+            cache.delete(cache_key, options)
+            raise UnexpectedFormat
+          end
+
+          jwks = Set.new(parsed_jwks)
           cache.delete(cache_key, options) if jwks[kid].blank?
 
           if auto_detect
@@ -83,4 +90,4 @@ module JSON
       end
     end
   end
-end
+end

data/lib/json/jwk/set.rb

@@ -31,4 +31,4 @@ module JSON
       end
     end
   end
-end
+end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.16.7
+  version: 1.17.0
 platform: ruby
 authors:
 - nov matake
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-15 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -196,7 +195,6 @@ homepage: https://github.com/nov/json-jwt
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -211,8 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.16
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
   JSON Web Key) in Ruby