Build(deps): Bump jwt from 2.2.2 to 2.2.3 (PR #12775)

Bumps jwt from 2.2.2 to 2.2.3.


Sourced from jwt's changelog.

2.2.3 (2021-04-19)

Full Changelog

Implemented enhancements:

  • Verify algorithm before evaluating keyfinder #343
  • Why jwt depends on json < 2.0 ? #179
  • Support for JWK in-lieu of rsa_public #158
  • Fix rspec raise_error warning #413 (excpt)
  • Add support for JWKs with HMAC key type. #372 (phlegx)
  • Improve 'none' algorithm handling #365 (danleyden)
  • Handle parsed JSON JWKS input with string keys #348 (martinemde)
  • Allow Numeric values during encoding #327 (fanfilmu)

Closed issues:

  • "Signature verification raised", yet says "Signature Verified" #401
  • truffleruby-head build is failing #396
  • JWT::JWK::EC needs require 'forwardable' #392
  • How to use a 'signing key' as used by next-auth #389
  • undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
  • Make specifying "algorithm" optional on decode #380
  • ADFS created access tokens can't be validated due to missing 'kid' header #370
  • new version? #355
  • JWT gitlab OmniAuth provider setup support #354
  • Release with support for RSA.import for ruby < 2.4 hasn't been released #347
  • cannot load such file -- jwt #339

Merged pull requests:

... (truncated)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don’t alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually