Upgrade all dependencies#788
Conversation
Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
🤖 Augment PR SummarySummary: This PR updates the repository’s pinned dependency SHAs (core/jsonbinpack/blaze and the JSON Schema Test Suite) to newer upstream revisions. Changes:
Technical Notes: Several of the changes are in vendored dependencies and may alter public APIs/behavior (e.g., JSON Pointer concatenation and new JSON-LD/JOSE surface area). 🤖 Was this summary useful? React with 👍 or 👎 |
| const std::optional<std::string_view> expected_subject, | ||
| const std::optional<std::string_view> expected_type) | ||
| -> std::optional<JWTVerificationError> { | ||
| const auto now{this->clock_()}; |
There was a problem hiding this comment.
JWKSProvider::verify calls the injected clock_() without any exception guard, so a throwing test/consumer clock would escape verify() (unlike the fetcher which is explicitly contained). Consider whether verify() should treat a throwing clock as a failed verification path to keep its “never escape verification” resilience story consistent.
Severity: low
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| -> JSON { | ||
| // Compaction operates on input already in expanded document form. Callers | ||
| // that hold a non-expanded document expand it first. | ||
| assert(jsonld_is_expanded(input)); |
There was a problem hiding this comment.
These are exported entry points, but assert(jsonld_is_expanded(input)) means release builds will accept non-expanded input and continue with potentially nonsensical results instead of failing fast. Consider whether this should be a runtime check/error (or at least explicitly documented as undefined behavior) to avoid surprising production behavior.
Severity: medium
Other Locations
vendor/core/src/core/jsonld/jsonld.cc:141
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
Signed-off-by: Juan Cruz Viotti jv@jviotti.com