chore(deps): update jsonwebtoken to 10.3.0 #44
Merged
This will help resolve the vulnerability of
- jsonwebtoken has Type Confusion that leads to potential authorization bypass

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Looks like the CI errors are not related to this PR.
This is to fix the lint error like
```
warning: struct `Bytes` is never constructed
--> src/token/base64.rs:20:12
|
20 | pub struct Bytes(Vec<u8>);
| ^^^^^
|
= note: `#[warn(dead_code)]` (part of `#[warn(unused)]`) on by default
```
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
fix error like
```
error: called `unwrap` on `v.realm` after checking its variant with `is_some`
--> src/store/memo_refvaluestore.rs:44:21
|
43 | if v.realm.is_some() {
| -------------------- help: try: `if let Some(<item>) = &v.realm`
44 | let p = v.realm.as_ref().unwrap();
| ^^^^^^^^^^^^^^^^^^^^^^^^^
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/rust-1.94.0/index.html#unnecessary_unwrap
```
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
The bitmask crate has not been actively maintained for a long time, and
new versions of cargo suites will raise lint errors about the logic inside
that crate. We use an actively maintained crate, bitflags, to replace
bitmask to fix errors like
```
warning: unexpected `cfg` condition value: `std`
--> src/token/platform.rs:17:1
|
17 | / bitmask! {
18 | | #[derive(Debug)]
19 | | mask SwClaimsSet: u8 where flags SwClaims {
20 | | MTyp = 0x01,
... |
27 | | }
| |_^
|
= note: no expected values for `feature`
= note: using a cfg inside a macro will use the cfgs from the destination crate and not the ones from the defining crate
= help: try referring to `bitmask` crate for guidance on how handle this unexpected cfg
= help: the macro `bitmask` may come from an old version of the `bitmask` crate, try updating your dependency with `cargo update -p bitmask`
= note: see <https://doc.rust-lang.org/nightly/rustc/check-cfg/cargo-specifics.html> for more information about checking conditional configuration
= note: `#[warn(unexpected_cfgs)]` on by default
= note: this warning originates in the macro `bitmask` (in Nightly builds, run with -Z macro-backtrace for more info)
```
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Let me help to resolve the lint errors.
Well. I do not know why the cargo-deny blocks, but looks like not related to the PR again. I am not planning to resolve that in this PR because I am not familiar with this part ;)
This also updates openssl from v0.10.34 to v0.10.72 to address CVE-2025-3416

Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
This will help resolve the vulnerability of
Hi @thomas-fossati, could you help to get this in and publish a new release if it looks good to you? We downstream found the vulnerable.