fix(deps): update module github.com/micahparks/keyfunc to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/MicahParks/keyfunc	v1.9.0 -> v3.7.0

---

Release Notes

MicahParks/keyfunc (github.com/MicahParks/keyfunc)

v3.7.0: Expose HTTP client as an option

Compare Source

The purpose of this release is to expose an option to override the *http.DefaultClient.

Relevant pull requests:

• #​146

v3.6.2: Ignore unsupported keys by default

Compare Source

The purpose of this release is to ignore unsupported keys in a JWK Set by default.

Relevant issues:

• MicahParks/jwkset#60

Relevant pull requests:

• #​143
• MicahParks/jwkset#61

v3.6.1: HTTPTimeout override

Compare Source

The purpose of this release is to expose the HTTPTimeout override.

This modified the HTTP client behavior in the jwkset project.

Relevant pull requests:

• #​141

v3.6.0

Compare Source

v3.5.0: Return all when no key ID

Compare Source

The purpose of this release is to return all keys for JWT for signature verification when the token has no key ID, kid, header. This is enabled by the jwt.VerificationKeySet feature.

This should allow use cases that do not use the without the kid to use this project.

Relevant issues:

• #​127
• #​138

Relevant pull requests:

• #​140

v3.4.0: Override defaults

Compare Source

The purpose of this release is to add the NewDefaultOverrideCtx function, which allows for defaults to be overridden.

Package users should now be able to turn JWK Set validation off as well as change other default behaviors.

Relevant issues:

• #​126

Relevant pull requests:

• #​137

v3.3.11

Compare Source

v3.3.10

Compare Source

v3.3.9

Compare Source

v3.3.8

Compare Source

v3.3.7

Compare Source

v3.3.6

Compare Source

v3.3.5

Compare Source

v3.3.4

Compare Source

v3.3.3

Compare Source

v3.3.2: Allow for user provided ctx during parse

Compare Source

The purpose of this release is to add a new method, .KeyfuncCtx.

This new method accepts a context.Context, then returns a jwt.Keyfunc. This user provided context.Context is used during JWK lookup in the github.com/MicahParks/jwkset package when parsing JWTs. Passing a request scoped context allows the JWT parsing and JWK retrieval to cancel according to the given context.Context behavior instead of the default context.Context, which was provided at keyfunc.Keyfunc initialization.

In practice, this is used to prevent situations where many JWTs with kid not in a remote JWK Set are attempting to be parsed over a long period of time.

Relevant issues:

• MicahParks/jwkset#26

Relevant pull requests:

• #​118
• #​119
• #​120
• #​121

v3.3.1

Compare Source

v3.3.0

Compare Source

v3.2.9

Compare Source

v3.2.8

Compare Source

v3.2.7

Compare Source

v3.2.6

Compare Source

v3.2.5

Compare Source

v3.2.4

Compare Source

v3.2.3: Wrap errors where appropriate

Compare Source

The purpose of this pull request is to wrap errors with errors.Join where appropriate.

Relevant issues:

• #​103

Relevant pull requests:

• #​104

v3.1.2: X.509 Thumbprint bug fix

Compare Source

JWK Sets have two X.509 thumbprint parameters that are optional. A bug in github.com/MicahParks/jwkset made these parameters required in circumstances that affect the keyfunc project. This release updates this dependency to the latest version.

Thank you, @​joshkaplinsky, for reporting this bug!

Please see the below release for details:
https://github.com/MicahParks/jwkset/releases/tag/v0.5.5

v3.1.1

Compare Source

v3.1.0

Compare Source

v3.0.0: V3 simplify API by using github.com/MicahParks/jwkset

Compare Source

This upgrade removes most of the code in this repository and outsources JWK and JWK Set related code to the updated github.com/MicahParks/jwkset package. The exported assets from the keyfunc project has been vastly reduced as well, with the intention of making it easier to use for the majority of use cases.

[!NOTE]
A superset of features from V1 and V2 is available.

v2.1.0: Tolerate initial JWK Set HTTP Error

Compare Source

The purpose of this release is to add a new feature that allows keyfunc.Get to continue without error even if the initial HTTP request to the JWK Set fails. This supports the use case of multiple JWK Sets when a subset are undergoing maintenance, among others.

This is done through the new TolerateInitialJWKHTTPError field on the keyfunc.Options data structure. If the initial HTTP request fails, the resulting *keyfunc.JWKS will contain no keys, but have the opportunity to be populated by a future background goroutine refresh.

Relevant issues:

• #​64
• #​90

Relevant pull requests:

• #​91

v2.0.3

Compare Source

The purpose of this release is to correct a comment and error text.

Relevant pull requests:

• #​89

v2.0.2

Compare Source

The purpose of this release is to change the limitation for creating a MultipleJWKS from requiring 2 or more JWK Set URLs to 1 JWK Set URLs. It appears there was no technical reason for this limitation and it is more convenient to use the Multi JWK Set implementation in some use cases.

Related issues:

• #​87

Related pull requests:

• #​88

v2.0.1: Fix bug with context option

Compare Source

The purpose of this pull request is to fix a bug that prevents the context.Context passed in keyfunc.Options from behaving as described. The described behavior was that the background goroutine would be closed when the context was cancelled, however, the context was immediately overwritten with context.Background() causing its value to be ignored.

Thank you to our new contributor @​tho!

Related issues:

• #​85

Related pull requests:

• #​86

v2.0.0

Compare Source

The purpose of this release is to move support from [github.com/golang-jwt/jwt/v4](http://github.com/golang-jwt/jwt/v4) to [github.com/golang-jwt/jwt/v5](http://github.com/golang-jwt/jwt/v5).

The biggest breaking change is the upstream JWT package version. The other breaking change is that the following deprecated functions have been overwritten by those with the same name plus the WithOptions suffix.

• NewGivenCustom
• NewGivenECDSA
• NewGivenEdDSA
• NewGivenHMAC
• NewGivenRSA

If you need to use [github.com/golang-jwt/jwt/v4](http://github.com/golang-jwt/jwt/v4), the last version of this project to support it is v1.9.0. Should there be a necessary change to this project for /v4 users, it will be located in the separate [github.com/MicahParks/compatibility-keyfunc](http://github.com/MicahParks/compatibility-keyfunc) project.

Relevant pull requests:

• #​46
• #​84

Relevant issues:

• #​82

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.20 -> 1.21

[coveralls]

Pull Request Test Coverage Report for Build 18334474959

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 63.399%

---

Totals
Change from base Build 8936744787:	0.0%
Covered Lines:	194
Relevant Lines:	306

---

💛 - Coveralls