RubyGems - jwt - Versions diffs - 2.10.0 → 2.10.2 - Mend

jwt 2.10.0 → 2.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc5cd58ec8821cfc743d4dc35f70eb1297d49cda060220d895ca334e8ab06345
-  data.tar.gz: 44401e7eab75b75a1cb37abc2fc58a6dcff84103bc99625880c8c3be525aabea
+  metadata.gz: 0cae4dcfd78806b4eb8192b16880e1ebeafa8651400296c9ca955f5b91abe9ab
+  data.tar.gz: a5a024f58f196d355eb004aa39be6f2d3b1e5fbf1219cac78b4d315833fd9d3f
 SHA512:
-  metadata.gz: 80e7845a017b409105cad8d3ac3c7cc233b0cdc3e071715406b0a43e73a4b56f35fb6d5fe2c3786c10059d30809ffe0bdbb12e7438376dff9069f3a766f476f1
-  data.tar.gz: ab86ff7dba44c40358d5d14b18a7346412fa7081635fb2995102ddb3b26b352ff68cb9e0d001aa3e7986cea4a1ea0c096cbc1824f4be14573414cf74d15b8e6b
+  metadata.gz: 4fa464f652e42bd8d70243a6dd8cb8e9ad72d285116580cf802108328c20b35b274ea7e371764855fcc8b620507a7b5f9bdac0632d270bff0ad5e4ce773d0352
+  data.tar.gz: 938d9d141e35b29b94f9fe64fe07a4c87a279e2120236873d2fd5c9ca5e2bd183c4fc3123eb3c9a46d18d6c60df5271b9e2431345dbd87035dd009c07e8aa6f5

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,21 @@
 # Changelog
+## [v2.10.2](https://github.com/jwt/ruby-jwt/tree/v2.10.2) (2025-06-29)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.2)
+**Fixes and enhancements:**
+- Avoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa [#697](https://github.com/jwt/ruby-jwt/pull/697)
+## [v2.10.1](https://github.com/jwt/ruby-jwt/tree/v2.10.1) (2024-12-26)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.10.0...v2.10.1)
+**Fixes and enhancements:**
+- Make version constants public again [#646](https://github.com/jwt/ruby-jwt/pull/646) ([@anakinj]
 ## [v2.10.0](https://github.com/jwt/ruby-jwt/tree/v2.10.0) (2024-12-25)
 [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.9.3...v2.10.0)

data/lib/jwt/jwa/ecdsa.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module JWT
       def initialize(alg, digest)
         @alg = alg
-        @digest = OpenSSL::Digest.new(digest)
+        @digest = digest
       end
       def sign(data:, signing_key:)
@@ -16,7 +16,7 @@ module JWT
         key_algorithm = curve_definition[:algorithm]
         raise IncorrectAlgorithm, "payload algorithm is #{alg} but #{key_algorithm} signing key was provided" if alg != key_algorithm
-        asn1_to_raw(signing_key.dsa_sign_asn1(digest.digest(data)), signing_key)
+        asn1_to_raw(signing_key.dsa_sign_asn1(OpenSSL::Digest.new(digest).digest(data)), signing_key)
       end
       def verify(data:, signature:, verification_key:)
@@ -24,7 +24,7 @@ module JWT
         key_algorithm = curve_definition[:algorithm]
         raise IncorrectAlgorithm, "payload algorithm is #{alg} but #{key_algorithm} verification key was provided" if alg != key_algorithm
-        verification_key.dsa_verify_asn1(digest.digest(data), raw_to_asn1(signature, verification_key))
+        verification_key.dsa_verify_asn1(OpenSSL::Digest.new(digest).digest(data), raw_to_asn1(signature, verification_key))
       rescue OpenSSL::PKey::PKeyError
         raise JWT::VerificationError, 'Signature verification raised'
       end

data/lib/jwt/jwa/eddsa.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module JWT
       def sign(data:, signing_key:)
         raise_sign_error!("Key given is a #{signing_key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey") unless signing_key.is_a?(RbNaCl::Signatures::Ed25519::SigningKey)
-        Deprecations.warning('Using Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
+        Deprecations.warning('Using the EdDSA algorithm is deprecated and will be removed in a future version of ruby-jwt. In the future the algorithm will be provided by the jwt-eddsa gem.')
         signing_key.sign(data)
       end
@@ -21,7 +21,7 @@ module JWT
       def verify(data:, signature:, verification_key:)
         raise_verify_error!("key given is a #{verification_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey") unless verification_key.is_a?(RbNaCl::Signatures::Ed25519::VerifyKey)
-        Deprecations.warning('Using Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
+        Deprecations.warning('Using the EdDSA algorithm is deprecated and will be removed in a future version of ruby-jwt. In the future the algorithm will be provided by the jwt-eddsa gem.')
         verification_key.verify(signature, data)
       rescue RbNaCl::CryptoError

data/lib/jwt/jwa/rsa.rb CHANGED Viewed

@@ -8,17 +8,17 @@ module JWT
       def initialize(alg)
         @alg = alg
-        @digest = OpenSSL::Digest.new(alg.sub('RS', 'SHA'))
+        @digest = alg.sub('RS', 'SHA')
       end
       def sign(data:, signing_key:)
         raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::RSA instance") unless signing_key.is_a?(OpenSSL::PKey::RSA)
-        signing_key.sign(digest, data)
+        signing_key.sign(OpenSSL::Digest.new(digest), data)
       end
       def verify(data:, signature:, verification_key:)
-        verification_key.verify(digest, signature, data)
+        verification_key.verify(OpenSSL::Digest.new(digest), signature, data)
       rescue OpenSSL::PKey::PKeyError
         raise JWT::VerificationError, 'Signature verification raised'
       end

data/lib/jwt/version.rb CHANGED Viewed

@@ -16,12 +16,10 @@ module JWT
   module VERSION
     MAJOR = 2
     MINOR = 10
-    TINY  = 0
+    TINY  = 2
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
-    private_constant(:MAJOR, :MINOR, :TINY, :PRE)
   end
   # Checks if the OpenSSL version is 3 or greater.

data/ruby-jwt.gemspec CHANGED Viewed

@@ -35,6 +35,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'logger'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'rubocop'

metadata CHANGED Viewed

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.10.0
+  version: 2.10.2
 platform: ruby
 authors:
 - Tim Rudat
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-25 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base64
@@ -52,6 +51,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -181,9 +194,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.10.0/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.10.2/CHANGELOG.md
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -198,8 +210,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: JSON Web Token implementation in Ruby
 test_files: []