jwt-2.3.0

v2.3.0 (2021-10-03)

Full Changelog

Closed issues:

• [SECURITY] Algorithm Confusion Through kid Header #440
• JWT to memory #436
• ArgumentError: wrong number of arguments (given 2, expected 1) #429
• HMAC section of README outdated #421
• NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
• Release new version #409
• NameError: uninitialized constant JWT::JWK #403

Merged pull requests:

• Fix Style/MultilineIfModifier issues #447 (anakinj)
• feat(EdDSA): Accept EdDSA as algorithm header #446 (Pierre-Michard)
• Pass kid param through JWT::JWK.create_from #445 (shaun-guth-allscripts)
• fix document about passing JWKs as a simple Hash #443 (takayamaki)
• Tests for mixing JWK keys with mismatching algorithms #441 (anakinj)
• verify_claims test shouldnt be within the verify_sub test #431 (andyjdavis)
• Allow decode options to specify required claims #430 (andyjdavis)
• Fix OpenSSL::PKey::EC public_key handing in tests #427 (anakinj)
• Add documentation for find_key #426 (ritikesh)
• Give ruby 3.0 as a string to avoid number formatting issues #424 (anakinj)
• Tests for iat verification behaviour #423 (anakinj)
• Remove HMAC with nil secret from documentation #422 (boardfish)
• Update broken link in README #420 (severin)
• Add metadata for RubyGems #418 (nickhammond)
• Fixed a typo about class name #417 (mai-f)
• Fix references for v2.2.3 on CHANGELOG #416 (vyper)
• Raise IncorrectAlgorithm if token has no alg header #411 (bouk)