Bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4

[dependabot]

Bumps github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4.

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.3

This release drops Go 1.23 support as that Go release is no longer supported. With that, we can drop x/crypto and no longer have any external dependencies in go-jose outside of the standard library!

This release fixes a bug where a critical b64 header was ignored if in an unprotected header. It is now rejected instead of ignored.

What's Changed

• Remove Go 1.23 support by @​mcpherrinm in go-jose/go-jose#205
• Reject JWS with an unprotected critical b64 header by @​mcpherrinm in go-jose/go-jose#210

Full Changelog: go-jose/go-jose@v4.1.2...v4.1.3

v4.1.2

What's Changed

go-jose v4.1.2 improves some documentation, errors, and removes the only 3rd-party dependency.

• Update go-jose documentation by @​mcpherrinm in go-jose/go-jose#198
• Remove dependency on testify by @​wardviaene in go-jose/go-jose#197
• Improve error message for invalid private keys by @​ProjectMutilation in go-jose/go-jose#195
• JWK unsupported error when unmarshalling by @​fprojetto in go-jose/go-jose#191
• Add JSONWebKey type to makeJWERecipient by @​alvarolivie in go-jose/go-jose#200
• testutils/assert: remove True, Nil, NotNil by @​jsha in go-jose/go-jose#202

New Contributors

• @​wardviaene made their first contribution in go-jose/go-jose#197
• @​fprojetto made their first contribution in go-jose/go-jose#191
• @​alvarolivie made their first contribution in go-jose/go-jose#200

Full Changelog: go-jose/go-jose@v4.1.1...v4.1.2

v4.1.1

What's Changed

• Drop go-cmp dependency by @​mcpherrinm in go-jose/go-jose#186
• jws: improve performance and allocations for ParseSignedCompact by @​drakkan in go-jose/go-jose#188
• Add missing quote to unknown curve message #170 by @​sudhanvaghebbale in go-jose/go-jose#189
• Fix incorrect validation by @​ProjectMutilation in go-jose/go-jose#192
• Restore Go 1.23 compatibility by @​anuraaga in go-jose/go-jose#193

New Contributors

• @​drakkan made their first contribution in go-jose/go-jose#188
• @​sudhanvaghebbale made their first contribution in go-jose/go-jose#189
• @​ProjectMutilation made their first contribution in go-jose/go-jose#192
• @​anuraaga made their first contribution in go-jose/go-jose#193

Full Changelog: go-jose/go-jose@v4.1.0...v4.1.1

v4.1.0

What's Changed

• Document signatureAlgorithms argument by @​tgeoghegan in go-jose/go-jose#163
• Add custom error for unsupported JWS signature algorithms by @​beautifulentropy in go-jose/go-jose#181
• use stdlib pbkdf2 package on go 1.24 by @​kruskall in go-jose/go-jose#180

... (truncated)

Commits

• 0e59876 Merge commit from fork
• ddffdbc Bump actions/checkout from 5 to 6 (#213)
• 5348b9a Reject JWS with an unprotected critical b64 header (#210)
• 9153a5e Bump actions/setup-python from 5 to 6 (#208)
• 2126e17 Bump actions/setup-go from 5 to 6 (#209)
• 9860c65 Bump actions/checkout from 4 to 5 (#206)
• 14239fd Remove Go 1.23 support (#205)
• a16e158 Update CI to run on Go 1.24 and 1.25 (#204)
• a1565a4 testutils/assert: remove True, Nil, NotNil (#202)
• 3a80e13 jwe: accept non-pointer JSONWebKey in Recipient (#200)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[neetogit-bot]

Label "go" is not an approved label and cannot be applied.

For a detailed list of all allowed labels please refer to approved labels list.
If you want to add a new label to this list, please create an issue in neeto-engineering-web and get it approved by Neeraj/Suman/Kirti.

[neetogit-bot]

NeetoGit is monitoring this dependabot PR (github.com/go-jose/go-jose/v4 4.0.5 → 4.1.4). Once CI completes, this PR will be auto-merged if all checks pass, or a reviewer will be assigned if CI fails.

---

This comment was auto-generated by NeetoGit.

[neetogit-bot]

Label "go" is not an approved label and cannot be applied.

For a detailed list of all allowed labels please refer to approved labels list.
If you want to add a new label to this list, please create an issue in neeto-engineering-web and get it approved by Neeraj/Suman/Kirti.