Update dependency rbdwllr/reallysimplejwt to v5 #7

Open
wants to merge 1 commit into
base: master

Conversation

renovate[bot]

@renovate renovate bot commented Nov 3, 2023

This PR contains the following updates:

Package: rbdwllr/reallysimplejwt
Change: ^2.0 -> ^5.0

Release Notes

RobDWaller/ReallySimpleJWT (rbdwllr/reallysimplejwt)

v5.0.0: Release

Compare Source

This release upgrades the ReallySimpleJWT library to work with PHP 8 and above. It also makes some significant design tweaks to the underlying codebase which should empower further improvements and functionality. The core interfaces for the library remain unchanged, which should minimise the impact of the release.

The main design changes are the removal of the Secret class and interface; secret validation is now handled in the relevant encoding class. Token structure validation is now enforced in the Jwt value object class and not the Validator class. The Validate class now depends on the Parsed class, not the Parse class. This simplifies the Parse class and means token claim data access is only in one place.

Additional Work:

  • Upgraded dependent packages to work with PHP 8.
  • Added the new mixed and union types available in PHP 8.
  • Removed the secret property from the Jwt class.
  • Token secrets are now validated by the new EncodeHS256Strong class.
  • Added PHP CS Fixer to CI pipeline.
  • Removed unused import statements.
  • Ensured declare strict types were applied everywhere.
  • Updated comments and readme documentation.
  • Fixed issues with CI pipeline SonarCloud integration.
  • Fixed issues with CI pipeline Infection PHP integration.
  • Updated and modified exception messages and codes.

To Do:

  • Improve the SonarCloud sed command implementation in the CI pipeline.
  • Look into the issue with the user_id and sub claims.
  • Fix issues with Infection PHP Implementation.

Notes:

  • Welcome to the world Reuben I love you and your big brother Jacob! ❤️

v4.0.3: Not Before Validation Fix

Compare Source

This release fixes a bug with the way the package validates Not Before claims in tokens. The Not Before claim defines when a token is usable from; it should have validated when the nbf claim matched the current time, but it didn't. This has been resolved.

See issue #69 for further details.

Additional Work:

  • Updated PHP Bench Version and Config.
  • Removed PHP 8 Checks from CI Pipeline.
  • Updated comments in Validator class so functionality is clearer.

v4.0.2: Validate Algorithm Not None

Compare Source

This security patch adds a check to the Tokens::validate() method to ensure the algorithm provided is not set to none as this may result in token misuse.

Additional Work:

  • Updated README documentation.

v4.0.1: Documentation and CI Fixes

Compare Source

This release makes some documentation improvements to the README based on issue #63 to make validation method usage clearer in the Token class.

Additional Work:

  • Fixed PHP version support badge in README.
  • Fixed CI Pipeline integration with Stryker Dashboard for Mutation Score Index.

v4.0.0: Release

Compare Source

Version 4.0.0 of ReallySimpleJWT is a significant release as it makes numerous interface changes to improve the composability of the package. It also upgrades PHP support from version 7.2 and above to version 7.4 and above.

The core Token class interface mainly remains unaffected by this release, but a lot of what sits behind it has changed. The Token class is now just a static interface wrapper around the new Tokens class. This enables developers to instantiate and inject the core ReallySimpleJWT functionality if they choose to.

In addition, the validation functionality which existed in the Parse class has been abstracted away and now just exists in the Validate and Helper\Validator classes. Also, a number of interfaces for encoding, decoding and validation have been created; this increases composability and allows developers to amend functionality to meet their needs.

Additional Work:

  • Updated GitHub Actions CI to work with PHP 7.4 and PHP 8.0.
  • Updated comment and README documentation.
  • Upgraded PHPUnit Config for PHP 7.4 and above.
  • Separated tests into two test suites, Unit and Integration.
  • Created class specific Exception classes.
  • Abstracted decode functionality away from Encode class into separate Decode class.
  • Moved Encode class to Encoders namespace and made it HS256 specific.
  • Added PHP 7.4 property type information to classes.
  • Bumped PHPStan strictness to level 8.
  • Deleted Errors Trait as no longer needed.
  • Created Base64 trait to encapsulate functionality.

To Do:

  • Add BuildValidate Benchmark Test.
  • Add Covers Annotations to tests.
  • Abstract documentation away from README, look into documentation tools.
  • Fix PHP 8.0 CI pipeline to work correctly with supported packages.

v3.1.2: Validate Algorithm Not None

Compare Source

This security patch adds a check to the Parse::validate() method to ensure the algorithm provided is not set to none as this may result in token misuse.

Additional Work:

  • Fixed failing CI tasks.
  • Updated README documentation.

v3.1.1: Validate Algorithm Security Fix

Compare Source

The none value has been removed as a default from the validate algorithm method. This is because it could lead to a security vulnerability in a small number of instances. This functionality will be improved in version 4.0.0.

v3.1.0: Validate Algorithm

Compare Source

The main purpose of this release is to provide a means to validate the algorithm, or alg claim, of the supplied token. As such, a validateAlgorithm() method has been added to the Parse class to enable this functionality. This allows for better compliance with RFC 7519.

This release also moves the CI pipeline from Travis CI to GitHub Actions. This wasn't planned but Travis seems to be experiencing a lot of problems lately so the decision was taken to move over now.

Additional Work:

  • Added further unit tests.
  • Updated README documentation with information on new features.
  • Amendments to the Composer config to improve dependency management in production.
  • Testing Roave backwards compatibility checker.

To Do:

  • Next significant release will be 4.0.0.
  • Update README method references with full method signatures.
  • Add Covers Annotations to tests.
  • Integrate fully with PHP 7.4, add property types.
  • Improve encode / decode functionality so it is easier to create custom implementations.
  • Integrate Roave backwards compatibility checker into CI pipeline.

v3.0.3: Audience Validation Patch

Compare Source

This release patches an issue where the two audience validation checks both return the same exception code but different messages. The "The Audience claim is not set." exception now returns the code 11 instead of 2. The README documentation has been updated to match and surface this change.

v3.0.2: Remove Unnecessary Exception Code

Compare Source

Very small change which removes some unnecessary code bloat from the ValidateException class. Also adds a small addition to the CI pipeline to validate the Composer config.

v3.0.1: PHPUnit Bug Fix

Compare Source

This patch release resolves a bug in the PHPUnit config. This did not affect how the library functions but did break the CI mutation tests.

Also this version adds some documentation amendments to the README to reflect changes made to the JavaScript library rs-jwt.

v3.0.0: Version 3.0 Release

Compare Source

This is a breaking release which makes changes to the way token encoding / decoding works. Specifically, it abstracts the signature secret validation into a separate class and interface so that it is easier to implement custom signature secret validation. The release also bumps the minimum supported version of PHP to 7.2.

The other functional improvement is to add validate audience functionality to the parse and validate classes.

Full list of changes:

  • Added benchmark tests to improve performance observability.
  • Bumped minimum PHP version to 7.2.
  • Bumped dependency versions.
  • Added a Secret interface.
  • Added a separate Secret class to validate signature secrets.
  • Updated the encode interface and class to reflect changes made to signature secret validation.
  • Added validate audience claim functionality.
  • Added a PHP 7.4 environment check to the code pipeline.
  • Updated README documentation and comments.

Future planned improvements:

  • Make further improvements to encode / decode functionality so it is easier to create custom implementations.
  • Enhance the validate audience functionality further.
  • Bump PHP support up to 7.4 and add property types to code.
  • Improve test suite.
  • Clean up comments documentation.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
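The two security-relevant items in the release notes above are the rejection of tokens whose header says alg is none (v3.1.2 / v4.0.2) and the Not Before fix that accepts a token whose nbf equals the current time (v4.0.3). The following is an added Python example, not part of this PR and not ReallySimpleJWT's PHP code, that shows what a verifier has to do to get both right: pin the expected algorithm before checking the signature, compare the HMAC in constant time, and apply the RFC 7519 inequalities for exp and nbf. The secret, claims and timestamps are constructed for the example; the create_token helper deliberately accepts alg="none" only so that a forged, unsigned token can be built and shown to fail validation.

```python
"""Minimal HS256 JWT sign/verify (added example; not ReallySimpleJWT's code)."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


class ValidateException(Exception):
    """Raised for any structural, signature or claim failure."""


def _b64url_encode(raw: bytes) -> str:
    # JWT uses unpadded base64url for every segment.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Restore the padding that _b64url_encode stripped.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_token(payload: dict, secret: str, alg: str = "HS256") -> str:
    """Build a token. alg="none" is accepted here only so a forged, unsigned
    token can be constructed to demonstrate that validate_token rejects it."""
    header = {"typ": "JWT", "alg": alg}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    if alg == "HS256":
        signature = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    elif alg == "none":
        signature = b""
    else:
        raise ValueError(f"unsupported alg {alg!r}")
    return f"{signing_input}.{_b64url_encode(signature)}"


def validate_token(token: str, secret: str, now: Optional[int] = None,
                   expected_alg: str = "HS256") -> dict:
    """Return the payload of a valid token or raise ValidateException.

    `now` is an injectable Unix timestamp so the boundary cases can be tested;
    it defaults to the wall clock."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValidateException("token must have three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:  # covers binascii.Error and JSON errors
        raise ValidateException("malformed token segment") from exc

    # The alg check comes first and is driven by what the *verifier* expects,
    # never by what the token claims: "none" is rejected outright, and any
    # other mismatch is rejected before a signature is even computed.
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg == "none":
        raise ValidateException("alg none is not permitted")
    if alg != expected_alg:
        raise ValidateException(f"unexpected alg {alg!r}, expected {expected_alg!r}")

    expected_sig = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        raise ValidateException("signature does not match")

    if not isinstance(payload, dict):
        raise ValidateException("payload must be a JSON object")
    # RFC 7519: the current time MUST be strictly before exp ...
    if "exp" in payload and now >= int(payload["exp"]):
        raise ValidateException("token has expired")
    # ... and MUST be after or equal to nbf, so nbf == now is valid.
    if "nbf" in payload and now < int(payload["nbf"]):
        raise ValidateException("token is not yet valid")
    return payload


def is_valid(token: str, secret: str, now: Optional[int] = None) -> bool:
    """Boolean convenience wrapper around validate_token."""
    try:
        validate_token(token, secret, now=now)
        return True
    except ValidateException:
        return False
```

The order of checks matters: deciding the algorithm from the verifier's configuration rather than from the untrusted header is what closes the alg-none hole, and the inclusive nbf comparison is the one-character difference the v4.0.3 notes describe.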
