chore(deps): update rust crate jsonwebtoken to v10 [security] #625

Draft
dd-octo-sts[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/renovate/crate-jsonwebtoken-vulnerability

@dd-octo-sts dd-octo-sts bot commented Mar 9, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| jsonwebtoken | dependencies | major | 9 -> 10 |

🚨 Security Vulnerability Fix

Severity: UNKNOWN

This PR addresses a security vulnerability detected by GitHub Dependabot. Please review and merge promptly.


Release Notes

Keats/jsonwebtoken (jsonwebtoken)

v10.3.0

  • Export everything needed to define your own CryptoProvider
  • Fix type confusion with exp/nbf when not required

v10.2.0

  • Remove Clone bound from decode functions

v10.1.0

  • add dangerous::insecure_decode
  • Implement TryFrom &Jwk for DecodingKey

v10.0.0

  • BREAKING: now using traits for crypto backends, you have to choose between aws_lc_rs and rust_crypto
  • Add Clone bound to decode
  • Support decoding byte slices
  • Support JWS

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

dd-octo-sts bot commented Mar 9, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: src/user-management-service/Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path src/user-management-service/src/user-management/core/Cargo.toml --package jsonwebtoken@9.3.1 --precise 10.3.0
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured.
help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.
