supabase / auth

67%

LAST BUILD ON BRANCH master

branch: SELECT

CHANGE BRANCH

x

Sync Branches

• No branch selected
• add-max-length-check-for-email
• bo/docs/readme-code-syntax
• chore-fix-link-to-netlify-gotrue
• chore/testing
• cs/chore-gosec-fixes
• cs/conf-coverage
• cs/feat-config-reloader
• cs/feat-email-and-sms-rate-limiting
• cs/feat-mailer-logging
• cs/feat-rate-limiter-persistence
• cs/feat-validate-email-address
• cs/fix-rate-limit-zero-value-test
• cs/fix-respect-rate-limit-zero
• cs/master-fix-missing-error-propagation
• cs/rate-limit-refactor
• cs/reload-coverage
• dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.4
• dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.1
• dependabot/go_modules/github.com/rs/cors-1.11.0
• dependabot/go_modules/golang.org/x/crypto-0.31.0
• dependabot/go_modules/golang.org/x/net-0.23.0
• development
• docs-anon-login-configs
• docs/remove-unused-env-var
• feat-slack-oauth-v2
• feat/min-jwt
• feat_docker_compose_and_go
• figma-auth
• fix-binary-name
• fix-contributing-md
• fix-magiclink-requiredchars
• fix/update-sanitize-signup
• fix_contributing_typo
• hf/aao-in-send-email
• hf/add-authorized-email-addresses
• hf/add-azure-ciam
• hf/add-exhaustive
• hf/add-magic-link-disable-toggle
• hf/add-max-idle-time
• hf/add-one-time-tokens
• hf/add-support-for-argon2
• hf/adjust-required-claims-in-auth-hooks
• hf/artifact-bucket
• hf/captcha-parsing-fix
• hf/chore-release-as-2-165-2
• hf/ci-alpine-3
• hf/ci-dogofooding-checks-on-release
• hf/ci-fast-release-tarball
• hf/ci-fix-binary-version-docker
• hf/ci-fix-coverage-metering
• hf/ci-fix-dogfooding
• hf/ci-fix-dogfooding-take-2
• hf/cover-crypto-100
• hf/email-rate-limiting-new-config
• hf/encrypt-sensitive-columns
• hf/encrypted-password-pointer
• hf/external-host-validation
• hf/feat-bump-new-version
• hf/feat-embedded-migrations
• hf/fix-argon2
• hf/fix-authenticate-empty-string
• hf/fix-coveralls-image
• hf/fix-custom-sms-twilio-verify
• hf/fix-expose-x-supabase-api-version-header-in-cors
• hf/fix-idempotent-logout
• hf/fix-identity-email-verified
• hf/fix-local-dockerfile
• hf/fix-mail-headers
• hf/fix-mfa-config-backward-compatibility
• hf/fix-timeout-writer
• hf/fix-write-header
• hf/fix-write-header-deadlock
• hf/gomft
• hf/hook-log
• hf/inline-mailme
• hf/limit-low-aal-sessions
• hf/log-json-error-response
• hf/mail-headers
• hf/merge-metadata
• hf/phase-ii-ott
• hf/remove-data-migrations
• hf/saml-array-values
• hf/saml-encrypted-assertions
• hf/saml-specific-external-url
• hf/x-sb-error-code
• j0/accurately_affect_max_frequency_limit
• j0/add_additional_info_around_mime_type_error
• j0/add_context_to_load_factor
• j0/add_custom_email_sender_hook
• j0/add_has_factor_claim
• j0/add_hook_trigger_logic
• j0/add_last_challenged_at
• j0/add_mfa_phone_openapi_spec
• j0/add_mfa_sms
• j0/add_scrypt_password_hash
• j0/add_timeout_middleware
• j0/add_token_for_non_secure_email_change
• j0/add_twilio_verify_support_for_mfa_phone
• j0/add_webauthn
• j0/add_webauthn_config
• j0/adjust_mfa_status_codes
• j0/allow_kong_and_edge_functions
• j0/allow_only_one_phone_factor
• j0/allow_postgres_and_http_on_extensibility_point
• j0/backport_auth_namespace_to_enums
• j0/change_mfa_error_code
• j0/check_for_phone_identity_on_phone_chang
• j0/custom_email_hook
• j0/deprecate_mfa_enabled_config
• j0/drop_uniqueness_constraint_on_mfa_phone
• j0/fido2_authenticator_challenge_verify_model
• j0/fix_email_change_with_phone_auth
• j0/fix_migration_idempotent_phone_cnfig
• j0/fix_rc_duplicate_identifier
• j0/fixes_while_testing
• j0/forbid_access_token_issuance_without_session
• j0/hide_hook_name
• j0/merge_aal_and_amr_update
• j0/mfa_refactor_load_factor
• j0/minor_speling_error
• j0/move_totp_mfa_to_dedicated_fn
• j0/move_verification_into_mailer_package
• j0/patch_secure_email_change
• j0/phone_mfa_refactors
• j0/prevent_panic_on_email_change
• j0/publish_to_ghcr
• j0/refactor_generate_access_token
• j0/refactor_generate_access_token_to_accept_request
• j0/remove_deprecated_code
• j0/remove_find_factors_by_user
• j0/remove_find_session_by_id
• j0/remove_set_cookie_tokens
• j0/remove_totp_field_for_phone_response
• j0/rename_to_send_sms
• j0/require_appropriate_aal_for_pw_update
• j0/return_factor_type_in_challenge
• j0/send_over_user_in_send_sms_hook
• j0/update_auth_functions
• j0/update_hook_schema
• j0/update_mfa_error_message
• j0/update_openapi_schema
• j0/update_openapi_spec
• j0/update_phone_admin_methods
• j0/upgrade-contrib-docs
• j0/upgrade_go_version
• j0/upgrade_otel_deps
• j0/validate_send_email
• j0/webauthn_fixes
• janek/signup-identities-email-verified
• km/add-error-codes
• km/add-error-codes-password-login
• km/add-ip-based-limits
• km/add-saml-tests
• km/alter-auth-uid
• km/bump-alpine-go
• km/check-empty-aud
• km/chore-remove-unused-hook-outputs
• km/cleanup-anonymous-users
• km/feat-asymmetric-jwt-support
• km/fix-admin-update-user
• km/fix-anonymous-user-linking
• km/fix-attribute-mapping
• km/fix-auth-hook-error
• km/fix-auth-hooks
• km/fix-authorized-emails
• km/fix-authorized-middleware-check
• km/fix-cleanup-logging
• km/fix-context-cancellation
• km/fix-custom-sms-hook-config
• km/fix-email-verified
• km/fix-enable-rls
• km/fix-external-state
• km/fix-ignore-rate-limits-for-autoconfirm
• km/fix-improve-session-error
• km/fix-jwt
• km/fix-linkedin-oidc-issuer
• km/fix-logging
• km/fix-max-password-length-error
• km/fix-mfa-factors-index
• km/fix-panic-logout
• km/fix-panic-refresh-token
• km/fix-pkce-verify-post
• km/fix-rate-limit-log-level
• km/fix-saml-assertion
• km/fix-search-path
• km/fix-serve
• km/fix-shared-limiter
• km/fix-signup-generate-link
• km/fix-signup-verify
• km/fix-timeout-write-header
• km/fix-update-attribute-mapping
• km/fix-update-phone
• km/fix-update-user
• km/fix-update-user-email
• km/fix-update-user-phone-change
• km/fix-use-factor-id
• km/format-test-otps
• km/hotfix-jwt-aud
• km/improve-logging
• km/improve-mfa-verify-logs
• km/improve-saml-logging
• km/improve-token-oidc-logging
• km/inactivity-session-bug
• km/normalise-emails
• km/phase-iii-ott
• km/redirect-invalid-state
• km/ref-retrieve-request-params
• km/remove-unused-args
• km/return-identity
• km/return-session-not-found-error
• km/update-admin-create-user
• km/update-chi-version
• km/update-error-message
• km/update-golang-jwt
• km/update-mailme
• km/update-oapi
• km/v2.157.1
• master
• omerhochman/fix-linkedin-iodc-error
• optional_2fa
• patch-1
• release/2.165.0
• remove-redundant-method-hookuri-param
• revert-1534-omerhochman/fix-linkedin-iodc-error
• revert-1616-km/alter-auth-uid
• simplify-request-tracing-middleware-setup-logic
• single-source-of-truth-for-waitforcleanup
• snyk-fix-0720ecd3bfe1e766e52214a3bbab15f5
• update-docker-container-name
• update-md-for-resend-endpont
• vercel-marketplace-oidc

Build # 13571780772

Build Type

push

github

Committed by web-flow

Commit Message

chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#1949)

Bumps
[github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from
3.0.3 to 3.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-jose/go-jose/releases">github.com/go-jose/go-jose/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.4</h2>
<h2>What's Changed</h2>
<p>Backport fix for GHSA-c6gw-w398-hv78 CVE-2025-27144
<a
href="https://redirect.github.com/go-jose/go-jose/pull/174">go-jose/go-jose#174</a></p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-jose/go-jose/compare/v3.0.3...v3.0.4">https://github.com/go-jose/go-jose/compare/v3.0.3...v3.0.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-jose/go-jose/commit/5253038e3"><code>5253038</code></a>
Backport fix 167 to v3 (<a
href="https://redirect.github.com/go-jose/go-jose/issues/174">#174</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/047dc9975"><code>047dc99</code></a>
CI: Update github actions and go version (<a
href="https://redirect.github.com/go-jose/go-jose/issues/173">#173</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/0f017e9bc"><code>0f017e9</code></a>
Revert <a
href="https://redirect.github.com/go-jose/go-jose/issues/26">#26</a>
(ignore unsupported JWKs in Sets) (<a
href="https://redirect.github.com/go-jose/go-jose/issues/131">#131</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/3e2bbef72"><code>3e2bbef</code></a>
Unmarshal jwk keys with unsupported key type or algorithm into empty …
(<a
href="https://redirect.github.com/go-jose/go-jose/issues/26">#26</a>)</li>
<li>See full diff in <a
href="https://github.com/go-jose/go-jose/compare/v3.0.3...v3.0.4">compare
view</a></li>
</ul>
</details>
<br />


[![Depe... (continued)

Run Details

10208 of 15124 relevant lines covered (67.5%)

64.37 hits per line