Bump jwt from 1.5.6 to 2.2.3

[dependabot-preview]

Bumps jwt from 1.5.6 to 2.2.3.

Changelog

Sourced from jwt's changelog.

2.2.3 (2021-04-19)

Full Changelog

Implemented enhancements:

• Verify algorithm before evaluating keyfinder #343
• Why jwt depends on json < 2.0 ? #179
• Support for JWK in-lieu of rsa_public #158
• Fix rspec raise_error warning #413 (excpt)
• Add support for JWKs with HMAC key type. #372 (phlegx)
• Improve 'none' algorithm handling #365 (danleyden)
• Handle parsed JSON JWKS input with string keys #348 (martinemde)
• Allow Numeric values during encoding #327 (fanfilmu)

Closed issues:

• "Signature verification raised", yet jwt.io says "Signature Verified" #401
• truffleruby-head build is failing #396
• JWT::JWK::EC needs require 'forwardable' #392
• How to use a 'signing key' as used by next-auth #389
• undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
• Make specifying "algorithm" optional on decode #380
• ADFS created access tokens can't be validated due to missing 'kid' header #370
• new version? #355
• JWT gitlab OmniAuth provider setup support #354
• Release with support for RSA.import for ruby < 2.4 hasn't been released #347
• cannot load such file -- jwt #339

Merged pull requests:

• Remove codeclimate code coverage dev dependency #414 (excpt)
• Add forwardable dependency #408 (anakinj)
• Ignore casing of algorithm #405 (johnnyshields)
• Document function and add tests for verify claims method #404 (yasonk)
• documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
• Target the master branch on the build status badge #399 (anakinj)
• Improving the local development experience #397 (anakinj)
• Fix sourcelevel broken links #395 (anakinj)
• Don't recommend installing gem with sudo #391 (tjschuck)
• Enable rubocop locally and on ci #390 (anakinj)
• Ci and test cleanup #387 (anakinj)
• Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
• Support JWKs for pre 2.3 rubies #382 (anakinj)
• Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
• Add auth0 sponsor message #379 (excpt)
• Adapt HMAC to JWK RSA code style. #378 (phlegx)
• Disable Rails cops #376 (anakinj)
• Support exporting RSA JWK private keys #375 (anakinj)
• Ebert is SourceLevel nowadays #374 (anakinj)

... (truncated)

Commits

• 26ec020 Update AUTHORS
• 1dbddf4 Bump version to 2.2.3
• 52eac51 Update CHANGELOG.md
• 99e57d6 Fix ci pipeline
• 54744fa Remove codeclimate code coverage dev dependency
• fb0cd41 Fix rspec raise_error warning
• 2cea14f Add forwardable dependency
• f4925cd Improving the local development experience
• 9ba070e Revert casing of ED25519
• ebd3fc9 Respond to comments
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)