build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4 in /pkg/app/pipedv1/plugin/scriptrun by dependabot[bot] · Pull Request #6637 · pipe-cd/pipecd

dependabot · 2026-04-03T03:42:01Z

Bumps github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4.

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

v4.1.3

This release drops Go 1.23 support as that Go release is no longer supported. With that, we can drop x/crypto and no longer have any external dependencies in go-jose outside of the standard library!

This release fixes a bug where a critical b64 header was ignored if in an unprotected header. It is now rejected instead of ignored.

What's Changed

Remove Go 1.23 support by @mcpherrinm in go-jose/go-jose#205

Reject JWS with an unprotected critical b64 header by @mcpherrinm in go-jose/go-jose#210

Full Changelog: go-jose/go-jose@v4.1.2...v4.1.3

v4.1.2

What's Changed

go-jose v4.1.2 improves some documentation, errors, and removes the only 3rd-party dependency.

Update go-jose documentation by @mcpherrinm in go-jose/go-jose#198

Remove dependency on testify by @wardviaene in go-jose/go-jose#197

Improve error message for invalid private keys by @ProjectMutilation in go-jose/go-jose#195

JWK unsupported error when unmarshalling by @fprojetto in go-jose/go-jose#191

Add JSONWebKey type to makeJWERecipient by @alvarolivie in go-jose/go-jose#200

testutils/assert: remove True, Nil, NotNil by @jsha in go-jose/go-jose#202

New Contributors

@wardviaene made their first contribution in go-jose/go-jose#197

@fprojetto made their first contribution in go-jose/go-jose#191

@alvarolivie made their first contribution in go-jose/go-jose#200

Full Changelog: go-jose/go-jose@v4.1.1...v4.1.2

v4.1.1

What's Changed

Drop go-cmp dependency by @mcpherrinm in go-jose/go-jose#186

jws: improve performance and allocations for ParseSignedCompact by @drakkan in go-jose/go-jose#188

Add missing quote to unknown curve message #170 by @sudhanvaghebbale in go-jose/go-jose#189

Fix incorrect validation by @ProjectMutilation in go-jose/go-jose#192

Restore Go 1.23 compatibility by @anuraaga in go-jose/go-jose#193

New Contributors

@drakkan made their first contribution in go-jose/go-jose#188

@sudhanvaghebbale made their first contribution in go-jose/go-jose#189

@ProjectMutilation made their first contribution in go-jose/go-jose#192

@anuraaga made their first contribution in go-jose/go-jose#193

... (truncated)

Commits

0e59876 Merge commit from fork
ddffdbc Bump actions/checkout from 5 to 6 (#213)
5348b9a Reject JWS with an unprotected critical b64 header (#210)
9153a5e Bump actions/setup-python from 5 to 6 (#208)
2126e17 Bump actions/setup-go from 5 to 6 (#209)
9860c65 Bump actions/checkout from 4 to 5 (#206)
14239fd Remove Go 1.23 support (#205)
a16e158 Update CI to run on Go 1.24 and 1.25 (#204)
a1565a4 testutils/assert: remove True, Nil, NotNil (#202)
3a80e13 jwe: accept non-pointer JSONWebKey in Recipient (#200)
Additional commits viewable in compare view

Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.5 to 4.1.4. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.0.5...v4.1.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 3, 2026

dependabot Bot requested a review from a team as a code owner April 3, 2026 03:42

dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 3, 2026

dependabot Bot requested a review from Warashi April 3, 2026 03:42

dependabot Bot added the go Pull requests that update Go code label Apr 3, 2026

dependabot Bot requested review from khanhtc1202 and t-kikuc April 3, 2026 03:42

github-actions Bot added area/go area/pipedv1 labels Apr 3, 2026

dependabot Bot force-pushed the dependabot/go_modules/pkg/app/pipedv1/plugin/scriptrun/github.com/go-jose/go-jose/v4-4.1.4 branch from 2cb95d9 to 2d401c8 Compare April 21, 2026 08:03

dependabot Bot force-pushed the dependabot/go_modules/pkg/app/pipedv1/plugin/scriptrun/github.com/go-jose/go-jose/v4-4.1.4 branch from 2d401c8 to ec9789e Compare April 21, 2026 10:41

khanhtc1202 approved these changes Apr 21, 2026

View reviewed changes

khanhtc1202 enabled auto-merge (squash) April 21, 2026 10:43

khanhtc1202 merged commit 479186a into master Apr 21, 2026
45 checks passed

khanhtc1202 deleted the dependabot/go_modules/pkg/app/pipedv1/plugin/scriptrun/github.com/go-jose/go-jose/v4-4.1.4 branch April 21, 2026 10:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4 in /pkg/app/pipedv1/plugin/scriptrun#6637

build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4 in /pkg/app/pipedv1/plugin/scriptrun#6637
khanhtc1202 merged 1 commit intomasterfrom
dependabot/go_modules/pkg/app/pipedv1/plugin/scriptrun/github.com/go-jose/go-jose/v4-4.1.4

dependabot Bot commented on behalf of github Apr 3, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.1.4

What's Changed

v4.1.3

What's Changed

v4.1.2

What's Changed

New Contributors

v4.1.1

What's Changed

New Contributors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Apr 3, 2026 •

edited

Loading