What's Changed
Please read the Changes file and upgrade accordingly, especially if you are using the following combinations for JWE:
- DIRECT mode content encryption
- Using A256CBC_HS512
- With an erroneously created CEK of exactly 32-bytes.
- Bump actions/cache from 4.2.1 to 4.2.3 by @dependabot in #1336
- Bump actions/checkout from 4.1.7 to 4.2.2 by @dependabot in #1337
- Bump actions/setup-go from 5.0.2 to 5.4.0 by @dependabot in #1338
- Update 02-jws.md by @lestrrat in #1341
- Bump golang.org/x/crypto from 0.36.0 to 0.37.0 by @dependabot in #1342
- Add the claim name to error messages produced by ClaimValueIs() by @jmalloc in #1347
- Tweak comments generated by genwa under jwa directory by @lestrrat in #1348
- autodoc updates by @github-actions in #1349
- Disable funcorder by @lestrrat in #1351
- Update .golangci.yml by @lestrrat in #1353
- Update github.com/lestrrat-go/blackmagic by @lestrrat in #1352
- disable dependabot for develop/v1 branch by @lestrrat in #1358
- jws: improve performance for SplitCompact/SplitCompactString by @drakkan in #1360
- jwe: use strings.Cut in parseCompact by @drakkan in #1362
- Update httprc to v3.0.0-beta2 by @lestrrat in #1364
- Create SECURITY.md by @lestrrat in #1365
- [v3] Explcitly check key sizes before passing to aes.NewCipher by @lestrrat in #1367
New Contributors
Full Changelog: v3.0.0...v3.0.1