jwt 2.4.0 → 2.4.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e90965d0b77b09f9b095bde7df353186e72838b843940a92f1207d36c1d14afd
4
- data.tar.gz: ac4538d631a35219a21150952325a19ffe6f83ea37d7e32664725a06e659816c
3
+ metadata.gz: 6e7f3474ee58d51ca5646f48ca28bf669b40a4b7676cbe7211597ca6ae69f672
4
+ data.tar.gz: 570e6930c9094afea40ea8e8a6a7c9b3293890b121893f5148914b0a8e7d11f8
5
5
  SHA512:
6
- metadata.gz: b0981dc5c4cc9722514eff7eb1636dcb88bd6e634967380187df8f3555a7405bf2e807c0a996543447006f6cd24516957a11eb2320dcd7dfc2b6ac81aec671b5
7
- data.tar.gz: fadc7972eb2ff5377d517fc6a9cf1dd2315745813e60ae041a100754770829f640f5953bb8c6afe8be76d3340ac531aa92e12326484c12ffb721d09f1aa498b0
6
+ metadata.gz: 3249529ec6bacc8e655e2830949af61c10e235a569f9dc67d3880335d5939b8afc56c180145d3e02dd09744288d50c31547338e105cf55ae4e0fbe237eb2a0e8
7
+ data.tar.gz: dd415314a7bd048d8b2b5b630d5b7011128932bf207dc785ac6154748aff68836a1c39e766dc176e225c643fc406fe9fdc5c510b36dc939e36722e327d8fe92f
@@ -17,7 +17,7 @@ jobs:
17
17
  - name: Set up Ruby
18
18
  uses: ruby/setup-ruby@v1
19
19
  with:
20
- ruby-version: "2.7"
20
+ ruby-version: "3.0"
21
21
  bundler-cache: true
22
22
  - name: Run RuboCop
23
23
  run: bundle exec rubocop
data/.reek.yml ADDED
@@ -0,0 +1,22 @@
1
+ ---
2
+ detectors:
3
+ TooManyStatements:
4
+ max_statements: 10
5
+ UtilityFunction:
6
+ enabled: false
7
+ LongParameterList:
8
+ enabled: false
9
+ DuplicateMethodCall:
10
+ max_calls: 2
11
+ IrresponsibleModule:
12
+ enabled: false
13
+ NestedIterators:
14
+ max_allowed_nesting: 2
15
+ UnusedParameters:
16
+ enabled: false
17
+ FeatureEnvy:
18
+ enabled: false
19
+ ControlParameter:
20
+ enabled: false
21
+ UnusedPrivateMethod:
22
+ enabled: false
data/.rubocop.yml CHANGED
@@ -1,5 +1,3 @@
1
- inherit_from: .rubocop_todo.yml
2
-
3
1
  AllCops:
4
2
  TargetRubyVersion: 2.5
5
3
  NewCops: enable
@@ -21,43 +19,38 @@ Style/GuardClause:
21
19
  Style/IfUnlessModifier:
22
20
  Enabled: false
23
21
 
24
- Layout/SpaceInsideHashLiteralBraces:
25
- Enabled: false
26
-
27
22
  Style/Lambda:
28
23
  Enabled: false
29
24
 
30
25
  Style/RaiseArgs:
31
26
  Enabled: false
32
27
 
33
- Style/SignalException:
34
- Enabled: false
35
-
36
28
  Metrics/AbcSize:
37
29
  Max: 25
38
30
 
39
31
  Metrics/ClassLength:
40
- Max: 103
32
+ Max: 105
41
33
 
42
34
  Metrics/ModuleLength:
43
35
  Max: 100
44
36
 
45
- Layout/LineLength:
46
- Enabled: false
37
+ Metrics/MethodLength:
38
+ Max: 20
47
39
 
48
40
  Metrics/BlockLength:
49
41
  Exclude:
50
42
  - spec/**/*_spec.rb
51
43
 
52
- Metrics/MethodLength:
53
- Max: 15
54
-
55
- Style/SingleLineBlockParams:
44
+ Layout/LineLength:
56
45
  Enabled: false
57
46
 
58
47
  Layout/EndAlignment:
59
48
  EnforcedStyleAlignWith: variable
60
49
 
50
+ Layout/EmptyLineBetweenDefs:
51
+ Enabled: true
52
+ AllowAdjacentOneLineDefs: true
53
+
61
54
  Style/FormatString:
62
55
  Enabled: false
63
56
 
@@ -70,12 +63,5 @@ Layout/MultilineOperationIndentation:
70
63
  Style/WordArray:
71
64
  Enabled: false
72
65
 
73
- Style/RedundantSelf:
66
+ Gemspec/RequireMFA:
74
67
  Enabled: false
75
-
76
- Layout/HashAlignment:
77
- Enabled: true
78
- EnforcedLastArgumentHashStyle: always_ignore
79
-
80
- Style/TrivialAccessors:
81
- AllowPredicates: true
data/.sourcelevel.yml CHANGED
@@ -1,4 +1,3 @@
1
- styleguide: excpt/linters
2
1
  engines:
3
2
  reek:
4
3
  enabled: true
@@ -6,13 +5,13 @@ engines:
6
5
  enabled: true
7
6
  rubocop:
8
7
  enabled: true
9
- channel: rubocop-0-52
8
+ channel: latest
10
9
  duplication:
11
10
  config:
12
11
  languages:
13
12
  - ruby
14
13
  enabled: true
15
14
  remark-lint:
16
- enabled: true
15
+ enabled: false
17
16
  exclude_paths:
18
- - spec
17
+ - spec
data/CHANGELOG.md CHANGED
@@ -1,51 +1,31 @@
1
1
  # Changelog
2
+ ## [v2.4.1](https://github.com/jwt/ruby-jwt/tree/v2.4.1) (2022-06-07)
2
3
 
3
- ## [v2.4.0](https://github.com/jwt/ruby-jwt/tree/v2.4.0) (2022-06-06)
4
-
5
- [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.3.0...v2.4.0)
4
+ **Fixes and enhancements:**
5
+ - Raise JWT::DecodeError on invalid signature [\#484](https://github.com/jwt/ruby-jwt/pull/484) ([@freakyfelt!](https://github.com/freakyfelt!)).
6
6
 
7
- **Implemented enhancements:**
8
-
9
- - Ensure presence of claims [\#244](https://github.com/jwt/ruby-jwt/issues/244)
10
- - Support verifying signature signed using x5c header [\#59](https://github.com/jwt/ruby-jwt/issues/59)
11
- - Add x5c header key finder [\#338](https://github.com/jwt/ruby-jwt/pull/338) ([bdewater](https://github.com/bdewater))
12
-
13
- **Security fixes:**
7
+ [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.4.0...v2.4.1)
14
8
 
15
- - Importing JWK then exporting results in different `kid` [\#313](https://github.com/jwt/ruby-jwt/issues/313)
16
-
17
- **Closed issues:**
18
-
19
- - Is there a way to decode a ES256 encoded JWT with a root certificate but without a public key or a private key? [\#471](https://github.com/jwt/ruby-jwt/issues/471)
20
- - Encode output with extra quote [\#469](https://github.com/jwt/ruby-jwt/issues/469)
21
- - Please release new gem version [\#444](https://github.com/jwt/ruby-jwt/issues/444)
22
- - HS512 signature verification fails for valid tokens [\#438](https://github.com/jwt/ruby-jwt/issues/438)
23
- - ArgumentError: invalid base64 while calling JWT::JWK.import\(hash\) [\#361](https://github.com/jwt/ruby-jwt/issues/361)
24
- - NoMethodError (undefined method `encode' for JsonWebToken:Module\) [\#329](https://github.com/jwt/ruby-jwt/issues/329)
9
+ ## [v2.4.0](https://github.com/jwt/ruby-jwt/tree/v2.4.0) (2022-06-06)
25
10
 
26
- **Merged pull requests:**
11
+ [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.3.0...v2.4.0)
27
12
 
28
- - Fix RuboCop TODOs [\#476](https://github.com/jwt/ruby-jwt/pull/476) ([typhoon2099](https://github.com/typhoon2099))
29
- - Update note about supported JWK types [\#475](https://github.com/jwt/ruby-jwt/pull/475) ([dpashkevich](https://github.com/dpashkevich))
30
- - Make specific algorithms in README linkable [\#472](https://github.com/jwt/ruby-jwt/pull/472) ([milieu](https://github.com/milieu))
31
- - Add tests for keyfinder logic to ensure the argument count does not matter [\#467](https://github.com/jwt/ruby-jwt/pull/467) ([anakinj](https://github.com/anakinj))
32
- - More tests for none token [\#466](https://github.com/jwt/ruby-jwt/pull/466) ([anakinj](https://github.com/anakinj))
33
- - Improve non algorithm tests [\#465](https://github.com/jwt/ruby-jwt/pull/465) ([anakinj](https://github.com/anakinj))
34
- - Bring back Ruby 2.5 support and CodeClimate coverage reports [\#464](https://github.com/jwt/ruby-jwt/pull/464) ([anakinj](https://github.com/anakinj))
35
- - Fix a little RuboCop issue [\#462](https://github.com/jwt/ruby-jwt/pull/462) ([anakinj](https://github.com/anakinj))
36
- - Fixes with latest RuboCop [\#459](https://github.com/jwt/ruby-jwt/pull/459) ([anakinj](https://github.com/anakinj))
37
- - Removed bundler-audit from codeclimate config [\#458](https://github.com/jwt/ruby-jwt/pull/458) ([anakinj](https://github.com/anakinj))
38
- - Updated rubocop to 1.23.0 [\#457](https://github.com/jwt/ruby-jwt/pull/457) ([anakinj](https://github.com/anakinj))
39
- - Add Ruby 3.1 to test matrix [\#456](https://github.com/jwt/ruby-jwt/pull/456) ([anakinj](https://github.com/anakinj))
40
- - Use Ruby built-in url-safe base64 methods [\#454](https://github.com/jwt/ruby-jwt/pull/454) ([bdewater](https://github.com/bdewater))
41
- - Stop running tests on EOL rubies. [\#453](https://github.com/jwt/ruby-jwt/pull/453) ([anakinj](https://github.com/anakinj))
42
- - Fix openssl gem version check to support versons greater than 3 [\#452](https://github.com/jwt/ruby-jwt/pull/452) ([anakinj](https://github.com/anakinj))
43
- - Readme: Typo fix re MissingRequiredClaim [\#451](https://github.com/jwt/ruby-jwt/pull/451) ([antonmorant](https://github.com/antonmorant))
44
- - Fix for exception after mergeing \#385 [\#450](https://github.com/jwt/ruby-jwt/pull/450) ([anakinj](https://github.com/anakinj))
45
- - Create CODE\_OF\_CONDUCT.md [\#449](https://github.com/jwt/ruby-jwt/pull/449) ([loic5](https://github.com/loic5))
46
- - Allow regular expressions and procs to verify issuer [\#437](https://github.com/jwt/ruby-jwt/pull/437) ([rewritten](https://github.com/rewritten))
47
- - Add Support to be able to verify from multiple keys [\#425](https://github.com/jwt/ruby-jwt/pull/425) ([ritikesh](https://github.com/ritikesh))
48
- - Define the secp256r1 curve [\#385](https://github.com/jwt/ruby-jwt/pull/385) ([anakinj](https://github.com/anakinj))
13
+ **Features:**
14
+
15
+ - Dropped support for Ruby 2.5 and older [#453](https://github.com/jwt/ruby-jwt/pull/453) - [@anakinj](https://github.com/anakinj).
16
+ - Use Ruby built-in url-safe base64 methods [#454](https://github.com/jwt/ruby-jwt/pull/454) - [@bdewater](https://github.com/bdewater).
17
+ - Updated rubocop to 1.23.0 [#457](https://github.com/jwt/ruby-jwt/pull/457) - [@anakinj](https://github.com/anakinj).
18
+ - Add x5c header key finder [#338](https://github.com/jwt/ruby-jwt/pull/338) - [@bdewater](https://github.com/bdewater).
19
+ - Author driven changelog process [#463](https://github.com/jwt/ruby-jwt/pull/463) - [@anakinj](https://github.com/anakinj).
20
+ - Allow regular expressions and procs to verify issuer [\#437](https://github.com/jwt/ruby-jwt/pull/437) ([rewritten](https://github.com/rewritten)).
21
+ - Add Support to be able to verify from multiple keys [\#425](https://github.com/jwt/ruby-jwt/pull/425) ([ritikesh](https://github.com/ritikesh)).
22
+
23
+ **Fixes and enhancements:**
24
+ - Readme: Typo fix re MissingRequiredClaim [\#451](https://github.com/jwt/ruby-jwt/pull/451) ([antonmorant](https://github.com/antonmorant)).
25
+ - Fix RuboCop TODOs [\#476](https://github.com/jwt/ruby-jwt/pull/476) ([typhoon2099](https://github.com/typhoon2099)).
26
+ - Make specific algorithms in README linkable [\#472](https://github.com/jwt/ruby-jwt/pull/472) ([milieu](https://github.com/milieu)).
27
+ - Update note about supported JWK types [\#475](https://github.com/jwt/ruby-jwt/pull/475) ([dpashkevich](https://github.com/dpashkevich)).
28
+ - Create CODE\_OF\_CONDUCT.md [\#449](https://github.com/jwt/ruby-jwt/pull/449) ([loic5](https://github.com/loic5)).
49
29
 
50
30
  ## [v2.3.0](https://github.com/jwt/ruby-jwt/tree/v2.3.0) (2021-10-03)
51
31
 
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,99 @@
1
+ # Contributing to [ruby-jwt](https://github.com/jwt/ruby-jwt)
2
+
3
+ ## Forking the project
4
+
5
+ Fork the project on GitHub and clone your own fork. Instuctions on forking can be found from the [GitHub Docs](https://docs.github.com/en/get-started/quickstart/fork-a-repo)
6
+
7
+ ```
8
+ git clone git@github.com:you/ruby-jwt.git
9
+ cd ruby-jwt
10
+ git remote add upstream https://github.com/jwt/ruby-jwt
11
+ ```
12
+
13
+ ## Create a branch for your implementation
14
+
15
+ Make sure you have the latest upstream master branch of the project.
16
+
17
+ ```
18
+ git fetch --all
19
+ git checkout master
20
+ git rebase upstream/master
21
+ git push origin master
22
+ git checkout -b fix-a-little-problem
23
+ ```
24
+
25
+ ## Running the tests and linter
26
+
27
+ Before you start with your implementation make sure you are able to get a succesful test run with the current revision.
28
+
29
+ The tests are written with rspec and [Appraisal](https://github.com/thoughtbot/appraisal) is used to ensure compatibility with 3rd party dependencies providing cryptographic features.
30
+
31
+ [Rubocop](https://github.com/rubocop/rubocop) is used to enforce the Ruby style.
32
+
33
+ To run the complete set of tests and linter run the following
34
+
35
+ ```bash
36
+ bundle install
37
+ bundle exec appraisal rake test
38
+ bundle exec rubocop
39
+ ```
40
+
41
+ ## Implement your feature
42
+
43
+ Implement tests and your change. Don't be shy adding a little something in the [README](README.md).
44
+ Add a short description of the change in either the `Features` or `Fixes` section in the [CHANGELOG](CHANGELOG.md) file.
45
+
46
+ The form of the row (You need to return to the row when you know the pull request id)
47
+ ```
48
+ - Fix a little problem [#123](https://github.com/jwt/ruby-jwt/pull/123) - [@you](https://github.com/you).
49
+ ```
50
+
51
+ ## Push your branch and create a pull request
52
+
53
+ Before pushing make sure the tests pass and RuboCop is happy.
54
+
55
+ ```
56
+ bundle exec appraisal rake test
57
+ bundle exec rubocop
58
+ git push origin fix-a-little-problem
59
+ ```
60
+
61
+ Make a new pull request on the [ruby-jwt project](https://github.com/jwt/ruby-jwt/pulls) with a description what the change is about.
62
+
63
+ ## Update the CHANGELOG, again
64
+
65
+ Update the [CHANGELOG](CHANGELOG.md) with the pull request id from the previous step.
66
+
67
+ You can ammend the previous commit with the updated changelog change and force push your branch. The PR will get automatically updated.
68
+
69
+ ```
70
+ git add CHANGELOG.md
71
+ git commit --amend --no-edit
72
+ git push origin fix-a-little-problem -f
73
+ ```
74
+
75
+ ## Keep an eye on your pull request
76
+
77
+ A maintainer will review and probably merge you changes when time allows, be patient.
78
+
79
+ ## Keeping your branch up-to-date
80
+
81
+ It's recommended that you keep your branch up-to-date by rebasing to the upstream master.
82
+
83
+ ```
84
+ git fetch upstream
85
+ git checkout fix-a-little-problem
86
+ git rebase upstream/master
87
+ git push origin fix-a-little-problem -f
88
+ ```
89
+
90
+ # Releasing a new version
91
+
92
+ The version is using the [Semantic Versioning](http://semver.org/) and the version is located in the [version.rb](lib/jwt/version.rb) file.
93
+ Also update the [CHANGELOG](CHANGELOG.md) to reflect the upcoming version release.
94
+
95
+ ```bash
96
+ rake release
97
+ ```
98
+
99
+ **If you want a release cut with your PR, please include a version bump according to **
data/README.md CHANGED
@@ -12,10 +12,12 @@ A ruby implementation of the [RFC 7519 OAuth JSON Web Token (JWT)](https://tools
12
12
  If you have further questions related to development or usage, join us: [ruby-jwt google group](https://groups.google.com/forum/#!forum/ruby-jwt).
13
13
 
14
14
  ## Announcements
15
-
15
+ * Ruby 2.4 support is going to be dropped in version 2.4.0
16
16
  * Ruby 1.9.3 support was dropped at December 31st, 2016.
17
17
  * Version 1.5.3 yanked. See: [#132](https://github.com/jwt/ruby-jwt/issues/132) and [#133](https://github.com/jwt/ruby-jwt/issues/133)
18
18
 
19
+ See [CHANGELOG.md](CHANGELOG.md) for a complete set of changes.
20
+
19
21
  ## Sponsors
20
22
 
21
23
  |Logo|Message|
@@ -130,6 +132,7 @@ puts decoded_token
130
132
  * ES256 - ECDSA using P-256 and SHA-256
131
133
  * ES384 - ECDSA using P-384 and SHA-384
132
134
  * ES512 - ECDSA using P-521 and SHA-512
135
+ * ES256K - ECDSA using P-256K and SHA-256
133
136
 
134
137
  ```ruby
135
138
  ecdsa_key = OpenSSL::PKey::EC.new 'prime256v1'
@@ -575,7 +578,7 @@ JWT.decode(token, nil, true, { algorithms: ['RS512'], jwks: jwks})
575
578
 
576
579
  ### Importing and exporting JSON Web Keys
577
580
 
578
- The ::JWT::JWK class can be used to import and export both the public key (default behaviour) and the private key. To include the private key in the export pass the `include_private` parameter to the export method.
581
+ The ::JWT::JWK class can be used to import and export both the public key (default behaviour) and the private key. To include the private key in the export pass the `include_private` parameter to the export method.
579
582
 
580
583
  ```ruby
581
584
  jwk = JWT::JWK.new(OpenSSL::PKey::RSA.new(2048))
@@ -584,27 +587,14 @@ jwk_hash = jwk.export
584
587
  jwk_hash_with_private_key = jwk.export(include_private: true)
585
588
  ```
586
589
 
587
- # Development and Tests
588
-
589
- We depend on [Bundler](http://rubygems.org/gems/bundler) for defining gemspec and performing releases to rubygems.org, which can be done with
590
-
591
- ```bash
592
- rake release
593
- ```
594
-
595
- The tests are written with rspec. [Appraisal](https://github.com/thoughtbot/appraisal) is used to ensure compatibility with 3rd party dependencies providing cryptographic features.
596
-
597
- ```bash
598
- bundle install
599
- bundle exec appraisal rake test
600
- ```
590
+ ## How to contribute
601
591
 
602
- **If you want a release cut with your PR, please include a version bump according to [Semantic Versioning](http://semver.org/)**
592
+ See [CONTRIBUTING](CONTRIBUTING.md).
603
593
 
604
594
  ## Contributors
605
595
 
606
- See `AUTHORS` file.
596
+ See [AUTHORS](AUTHORS).
607
597
 
608
598
  ## License
609
599
 
610
- See `LICENSE` file.
600
+ See [LICENSE](LICENSE).
@@ -6,13 +6,29 @@ module JWT
6
6
  module_function
7
7
 
8
8
  NAMED_CURVES = {
9
- 'prime256v1' => 'ES256',
10
- 'secp256r1' => 'ES256', # alias for prime256v1
11
- 'secp384r1' => 'ES384',
12
- 'secp521r1' => 'ES512'
9
+ 'prime256v1' => {
10
+ algorithm: 'ES256',
11
+ digest: 'sha256'
12
+ },
13
+ 'secp256r1' => { # alias for prime256v1
14
+ algorithm: 'ES256',
15
+ digest: 'sha256'
16
+ },
17
+ 'secp384r1' => {
18
+ algorithm: 'ES384',
19
+ digest: 'sha384'
20
+ },
21
+ 'secp521r1' => {
22
+ algorithm: 'ES512',
23
+ digest: 'sha512'
24
+ },
25
+ 'secp256k1' => {
26
+ algorithm: 'ES256K',
27
+ digest: 'sha256'
28
+ }
13
29
  }.freeze
14
30
 
15
- SUPPORTED = NAMED_CURVES.values.uniq.freeze
31
+ SUPPORTED = NAMED_CURVES.map { |_, c| c[:algorithm] }.uniq.freeze
16
32
 
17
33
  def sign(to_sign)
18
34
  algorithm, msg, key = to_sign.values
@@ -39,14 +55,9 @@ module JWT
39
55
  end
40
56
 
41
57
  def curve_by_name(name)
42
- algorithm = NAMED_CURVES.fetch(name) do
58
+ NAMED_CURVES.fetch(name) do
43
59
  raise UnsupportedEcdsaCurve, "The ECDSA curve '#{name}' is not supported"
44
60
  end
45
-
46
- {
47
- algorithm: algorithm,
48
- digest: algorithm.sub('ES', 'sha')
49
- }
50
61
  end
51
62
  end
52
63
  end
data/lib/jwt/decode.rb CHANGED
@@ -118,6 +118,8 @@ module JWT
118
118
 
119
119
  def decode_crypto
120
120
  @signature = Base64.urlsafe_decode64(@segments[2] || '')
121
+ rescue ArgumentError
122
+ raise(JWT::DecodeError, 'Invalid segment encoding')
121
123
  end
122
124
 
123
125
  def algorithm
data/lib/jwt/jwk/ec.rb CHANGED
@@ -59,6 +59,9 @@ module JWT
59
59
  when 'prime256v1'
60
60
  crv = 'P-256'
61
61
  x_octets, y_octets = encoded_point.unpack('xa32a32')
62
+ when 'secp256k1'
63
+ crv = 'P-256K'
64
+ x_octets, y_octets = encoded_point.unpack('xa32a32')
62
65
  when 'secp384r1'
63
66
  crv = 'P-384'
64
67
  x_octets, y_octets = encoded_point.unpack('xa48a48')
@@ -98,6 +101,7 @@ module JWT
98
101
  when 'P-256' then 'prime256v1'
99
102
  when 'P-384' then 'secp384r1'
100
103
  when 'P-521' then 'secp521r1'
104
+ when 'P-256K' then 'secp256k1'
101
105
  else raise JWT::JWKError, 'Invalid curve provided'
102
106
  end
103
107
  end
data/lib/jwt/jwk/hmac.rb CHANGED
@@ -50,7 +50,7 @@ module JWT
50
50
 
51
51
  raise JWT::JWKError, 'Key format is invalid for HMAC' unless jwk_k
52
52
 
53
- self.new(jwk_k, jwk_kid)
53
+ new(jwk_k, jwk_kid)
54
54
  end
55
55
  end
56
56
  end
data/lib/jwt/jwk/rsa.rb CHANGED
@@ -64,7 +64,7 @@ module JWT
64
64
  decode_open_ssl_bn(value)
65
65
  end
66
66
  kid = jwk_attributes(jwk_data, :kid)[:kid]
67
- self.new(rsa_pkey(pkey_params), kid)
67
+ new(rsa_pkey(pkey_params), kid)
68
68
  end
69
69
 
70
70
  private
data/lib/jwt/version.rb CHANGED
@@ -13,7 +13,7 @@ module JWT
13
13
  # minor version
14
14
  MINOR = 4
15
15
  # tiny version
16
- TINY = 0
16
+ TINY = 1
17
17
  # alpha, beta, etc. tag
18
18
  PRE = nil
19
19
 
data/lib/jwt.rb CHANGED
@@ -24,7 +24,7 @@ module JWT
24
24
  headers: header_fields).segments
25
25
  end
26
26
 
27
- def decode(jwt, key = nil, verify = true, options = {}, &keyfinder)
27
+ def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
28
28
  Decode.new(jwt, key, verify, DEFAULT_OPTIONS.merge(options), &keyfinder).decode_segments
29
29
  end
30
30
  end
data/ruby-jwt.gemspec CHANGED
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
18
18
  spec.required_ruby_version = '>= 2.5'
19
19
  spec.metadata = {
20
20
  'bug_tracker_uri' => 'https://github.com/jwt/ruby-jwt/issues',
21
- 'changelog_uri' => "https://github.com/jwt/ruby-jwt/blob/v#{JWT.gem_version}/CHANGELOG.md"
21
+ 'changelog_uri' => "https://github.com/jwt/ruby-jwt/blob/v#{JWT.gem_version}/CHANGELOG.md"
22
22
  }
23
23
 
24
24
  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
29
29
  spec.add_development_dependency 'appraisal'
30
30
  spec.add_development_dependency 'bundler'
31
31
  spec.add_development_dependency 'rake'
32
+ spec.add_development_dependency 'reek'
32
33
  spec.add_development_dependency 'rspec'
33
34
  spec.add_development_dependency 'simplecov'
34
35
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.0
4
+ version: 2.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tim Rudat
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-06 00:00:00.000000000 Z
11
+ date: 2022-06-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: appraisal
@@ -52,6 +52,20 @@ dependencies:
52
52
  - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: reek
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
55
69
  - !ruby/object:Gem::Dependency
56
70
  name: rspec
57
71
  requirement: !ruby/object:Gem::Requirement
@@ -91,14 +105,15 @@ files:
91
105
  - ".github/workflows/coverage.yml"
92
106
  - ".github/workflows/test.yml"
93
107
  - ".gitignore"
108
+ - ".reek.yml"
94
109
  - ".rspec"
95
110
  - ".rubocop.yml"
96
- - ".rubocop_todo.yml"
97
111
  - ".sourcelevel.yml"
98
112
  - AUTHORS
99
113
  - Appraisals
100
114
  - CHANGELOG.md
101
115
  - CODE_OF_CONDUCT.md
116
+ - CONTRIBUTING.md
102
117
  - Gemfile
103
118
  - LICENSE
104
119
  - README.md
@@ -135,7 +150,7 @@ licenses:
135
150
  - MIT
136
151
  metadata:
137
152
  bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
138
- changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.4.0/CHANGELOG.md
153
+ changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.4.1/CHANGELOG.md
139
154
  post_install_message:
140
155
  rdoc_options: []
141
156
  require_paths:
data/.rubocop_todo.yml DELETED
@@ -1,22 +0,0 @@
1
- # This configuration was generated by
2
- # `rubocop --auto-gen-config --exclude-limit 1000000`
3
- # on 2021-12-27 06:53:55 UTC using RuboCop version 1.23.0.
4
- # The point is for the user to remove these configuration records
5
- # one by one as the offenses are removed from the code base.
6
- # Note that changes in the inspected code, or installation of new
7
- # versions of RuboCop, may require this file to be generated again.
8
-
9
- # Offense count: 1
10
- # Cop supports --auto-correct.
11
- # Configuration parameters: Include.
12
- # Include: **/*.gemspec
13
- Gemspec/RequireMFA:
14
- Exclude:
15
- - 'ruby-jwt.gemspec'
16
-
17
- # Offense count: 1
18
- # Configuration parameters: AllowedMethods.
19
- # AllowedMethods: respond_to_missing?
20
- Style/OptionalBooleanParameter:
21
- Exclude:
22
- - 'lib/jwt.rb'