v1.2.24

v1.2.24 05 May 2022
[Security]
  * Upgrade golang.org/x/crypto (#724)

v2.0.0

v2 has many incompatibilities with v1. To see the full list of differences between
v1 and v2, please read the Changes-v2.md file (https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes-v2.md)

v2.0.0 - 24 Apr 2022
  * This i the first v2 release, which represents a set of design changes
    that were learnt over the previous 2 years. As a result the v2 API
    should be much more consistent and uniform across packages, and
    should be much more flexible to accomodate real-world needs.

    For a complete list of changes, please see the Changes-v2.md file,
    or check the diff at https://github.com/lestrrat-go/jwx/compare/v1...v2

[Miscellaneous]
  * Minor house cleaning on code generation tools

[jwt]
  * `jwt.ErrMissingRequiredClaim()` has been added

v2.0.0-beta2

v2.0.0-beta2 - 16 Apr 2022
[jwk]
  * Updated `jwk.Set` API and reflected pending changes from v1 which were
    left over. Please see Changes-v2.md file for details.

  * Added `jwk.CachedSet`, a shim over `jwk.Cache` that allows you to
    have to write wrappers around `jwk.Cache` that retrieves a particular
    `jwk.Set` out of it. You can use it to, for example, pass `jwk.CachedSet`
    to a `jws.Verify`

      cache := jwk.NewCache(ctx)
      cache.Register(ctx, jwksURL)
      cachedSet := jwk.NewCachedSet(cache, jwksURL)
      jws.Verify(signed, jws.WithKeySet(cachedSet))

v1.2.23

v1.2.23 13 Apr 2022
[Bug fixes]
  * [jwk] jwk.AutoRefresh had a race condition when `Configure()` was
    called concurrently (#686)
    (It has been patched correctly, but we may come back to revisit
     the design choices in the near future)

v2.0.0-beta1

v2.0.0-beta1 - 09 Apr 2022
[Miscellaneous]
  * Renamed Changes.v2 to Changes-v2.md
  * Housecleaning for lint action.
  * While v2 was not affected, ported over equivalent test for #681 to catch
    regressions in the future.
  * Please note that there is no stability guarantees on pre-releases.

v1.2.22

v1.2.22 08 Apr 2022
[Bug fixes]
  * [jws] jws.Verify was ignoring the `b64` header when it was present
    in the protected headers (#681). Now the following should work:

      jws.Sign(..., jws.WithDetachedPayload(payload))
      // previously payload had to be base64 encoded
      jws.Verify(..., jws.WithDetachedPayload(payload))

    (note: v2 branch was not affected)

v2.0.0-alpha1

v2 has many incompatibilities with v1. To see the full list of differences between
v1 and v2, please read the Changes.v2 file

v2.0.0-alpha1 - 4 Apr 2022
  * Initial pre-release of v2 line. Please note that there is no stability guarantees
    on pre-releases.

v1.2.21

v1.2.21 30 Mar 2022
[Bug fixes]
  * [jwk] RSA keys without p and q can now be parsed.

v1.2.20

v1.2.20 03 Mar 2022
[Miscellaneous]
  * Dependency on golang.org/x/crypto has been upgraded to
    v0.0.0-20220214200702-86341886e292 to address
    https://nvd.nist.gov/vuln/detail/CVE-2020-14040 (#598)

v1.2.19

v1.2.19 22 Feb 2022
[New Feature]
  * [jwk] jwk.Parse (and (jwk.AutoRefresh).Configure) can accept a new
    option `jwk.WithIgnoreParseError(bool)`, which allows users to ignore
    errors during parsing of each key contained in the JWKS, allowing
    you to "skip" invalid keys.

    This option should not be used lightly, as it hides the presence of
    possibly faulty keys. However, this can be an escape hatch if you are
    faced with a faulty JWKS that you do not control.