feat(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1

[dependabot]

Bumps github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1.

Release notes

Sourced from github.com/go-jose/go-jose/v3's releases.

Version 3.0.1

Fixed

Security issue: an attacker specifying a large "p2c" value can cause JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large amounts of CPU, causing a DoS. Thanks to Matt Schwager (@​mschwager) for the disclosure and to Tom Tervoort for originally publishing the category of attack. https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf

The release is tagged off the release-v3.0.1 branch to avoid mixing in some as-yet unreleased changes on the v3 branch.

Changelog

Sourced from github.com/go-jose/go-jose/v3's changelog.

v3.0.1

Fixed:

• Security issue: an attacker specifying a large "p2c" value can cause JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large amounts of CPU, causing a DoS. Thanks to Matt Schwager (@​mschwager) for the disclosure and to Tom Tervoort for originally publishing the category of attack. https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf

Commits

• 47edce0 Fix decryption DoS: Reject too high p2c (#66)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Attention: 3824 lines in your changes are missing coverage. Please review.

Comparison is base (050a0d1) 50.52% compared to head (bff2865) 47.70%.
Report is 85 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #423      +/-   ##
==========================================
- Coverage   50.52%   47.70%   -2.83%     
==========================================
  Files         107      154      +47     
  Lines        8209    13053    +4844     
==========================================
+ Hits         4148     6227    +2079     
- Misses       3767     6339    +2572     
- Partials      294      487     +193     

Files	Coverage Δ
git/command.go	0.00% <ø> (ø)
git/commit.go	42.85% <100.00%> (+17.85%)	⬆️
git/reference.go	40.00% <100.00%> (+7.85%)	⬆️
git/server.go	57.14% <ø> (+57.14%)	⬆️
git/tree.go	81.00% <ø> (ø)
pkg/backend/backend.go	100.00% <100.00%> (ø)
pkg/backend/cache.go	68.75% <ø> (ø)
pkg/backend/context.go	85.71% <ø> (ø)
pkg/backend/settings.go	78.57% <ø> (ø)
pkg/config/config.go	81.28% <100.00%> (ø)
... and 144 more

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.