Merge pull request 'chore(release): prepare for 0.7.2' (#261) from next-release into main

Reviewed-on: #261

.gitea/workflows/ci.yaml

@@ -0,0 +1,20 @@
+name: auth0mock
+
+on:
+  push:
+    branches: [main]
+    tags: ['*']
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      BUILDTOOLS_CONTENT: ${{ secrets.BUILDTOOLS_CONTENT }}
+      GITEA_REPOSITORY: ${{ gitea.repository }}
+    steps:
+      - uses: actions/checkout@v6
+      - uses: buildtool/setup-buildtools-action@v1
+      - name: Build and push
+        run: unset GITEA_TOKEN && build && push

.gitea/workflows/release.yaml

@@ -0,0 +1,9 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  release:
+    uses: unboundsoftware/shared-workflows/.gitea/workflows/Release.yml@main

.gitlab-ci.yml

@@ -1,17 +0,0 @@
-include:
-- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
-- project: unboundsoftware/ci-templates
-  file: Defaults.gitlab-ci.yml
-- project: unboundsoftware/ci-templates
-  file: Release.gitlab-ci.yml
-
-stages:
-- build
-
-image: buildtool/build-tools:${BUILDTOOLS_VERSION}
-
-build:
-  stage: build
-  script:
-  - build
-  - push

.version

@@ -1 +1,3 @@
-{"version":"0.5.0"}
+{
+  "version": "0.7.2"
+}

CHANGELOG.md

@@ -1,13 +1,91 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.7.2] - 2026-02-12
+
+### 🐛 Bug Fixes
+
+- *(deps)* Update module github.com/alecthomas/kong to v1.14.0 (#255)
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang:1.25 docker digest to 581c059 (#245)
+- *(deps)* Update golang:1.25 docker digest to 8bbd140 (#246)
+- *(deps)* Update golang:1.25 docker digest to bc45dfd (#247)
+- *(deps)* Update golang:1.25 docker digest to ce63a16 (#248)
+- Remove unused .gitlab-ci.yml
+- *(deps)* Update golang:1.25 docker digest to 4c973c7 (#251)
+- *(deps)* Update golang:1.25 docker digest to 0c87ea6 (#252)
+- *(deps)* Update golang:1.25 docker digest to 06d1251 (#253)
+- *(deps)* Update golang:1.25 docker digest to d2e5acc (#254)
+- *(deps)* Update golang:1.25 docker digest to cc73743 (#256)
+- *(deps)* Update golang docker tag to v1.26 (#257)
+- *(deps)* Update golang:1.26 docker digest to c83e68f (#258)
+- Add git-cliff configuration for changelog generation
+
+## [0.7.1] - 2026-01-13
+
+### 🐛 Bug Fixes
+
+- Change CI tag pattern to match all tags
+
+## [0.7.0] - 2026-01-13
+
+### 🚀 Features
+
+- Add tag trigger for CI build and push
+
+### 🐛 Bug Fixes
+
+- *(deps)* Update module github.com/lestrrat-go/jwx/v3 to v3.0.13 (#239)
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update gcr.io/distroless/static-debian12 docker digest to cd64bec (#238)
+- *(deps)* Update golang:1.25 docker digest to 0f406d3 (#241)
+
+## [0.6.0] - 2026-01-09
+
+### 🚀 Features
+
+- Migrate from GitLab CI to Gitea Actions
+- Add release workflow using shared workflow
+
+### 🐛 Bug Fixes
+
+- Remove incorrect digest pinning from image reference
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang:1.25 docker digest to 31c1e53
+- *(deps)* Update golang:1.25 docker digest to 6cc2338
+- *(deps)* Update actions/checkout action to v6
+- *(deps)* Pin dependencies (#233)
+- *(deps)* Update oci.unbound.se/unboundsoftware/auth0mock docker digest to c9d60b4 (#234)
+
+## [0.5.1] - 2025-12-29
+
+### 🐛 Bug Fixes
+
+- *(deps)* Update module github.com/lestrrat-go/jwx/v2 to v3
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang docker tag to v1.25
+
 ## [0.5.0] - 2025-12-29
 
 ### 🚀 Features
 
 - Migrate auth0mock from Node.js to Go
+
 ## [0.4.0] - 2025-12-29
 
 ### 🚀 Features
 
 - *(session-cleanup)* Implement session expiration cleanup
+
 ## [0.3.0] - 2025-12-28
 
 ### 🚀 Features
@@ -24,6 +102,33 @@
 - *(deps)* Update dependency express to v5.2.0
 - *(deps)* Update dependency express to v5.2.1
 - *(deps)* Update dependency jsonwebtoken to v9.0.3
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update node.js to 40c53e3
+- *(deps)* Update node.js to v22.17.1
+- *(deps)* Update node.js to f17eb88
+- *(deps)* Update node.js to v22.18.0
+- *(deps)* Update node.js to da46023
+- *(deps)* Update node.js to v22.19.0
+- *(deps)* Update node.js to 2e68a73
+- *(deps)* Update node.js to v22.20.0
+- *(deps)* Update node.js to 4b5601e
+- *(deps)* Update node.js to 1260a4a
+- *(deps)* Update node.js to v22.21.0
+- *(deps)* Update node.js to v24
+- *(deps)* Update node.js
+- *(deps)* Update node.js to 0601cd0
+- *(deps)* Update node.js to v24.11.1
+- *(deps)* Update node.js to 11a2e11
+- *(deps)* Update dependency prettier to v3.7.0
+- *(deps)* Update dependency prettier to v3.7.1
+- *(deps)* Update dependency prettier to v3.7.2
+- *(deps)* Update dependency prettier to v3.7.3
+- *(deps)* Update dependency prettier to v3.7.4
+- *(deps)* Update node.js to aa57b08
+- *(deps)* Update node.js to v24.12.0
+
 ## [0.2.0] - 2025-06-29
 
 ### 🚀 Features
@@ -36,6 +141,20 @@
 - *(deps)* Update dependency debug to v4.4.1
 - *(deps)* Update dependency serve-favicon to v2.5.1
 - *(k8s)* Update ingress configuration for backend service
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update node.js to 4c7ba01
+- *(deps)* Update node.js to v22.15.0
+- *(deps)* Update node.js to ab3dc40
+- *(deps)* Update node.js to v22.15.1
+- *(deps)* Update node.js to v22.16.0
+- *(deps)* Update node.js to 8d23574
+- *(deps)* Update dependency prettier to v3.6.0
+- *(deps)* Update dependency prettier to v3.6.1
+- *(deps)* Update node.js to v22.17.0
+- *(deps)* Update dependency prettier to v3.6.2
+
 ## [0.1.5] - 2025-04-03
 
 ### 🐛 Bug Fixes
@@ -46,12 +165,37 @@
 
 ### ⚙️ Miscellaneous Tasks
 
+- *(deps)* Update node.js to debe7ff
+- *(deps)* Update node.js to 469d57f
+- *(deps)* Update node.js to 3962f5a
+- *(deps)* Update node.js to 5145c88
+- *(deps)* Update dependency prettier to v3.5.0
+- *(deps)* Update dependency prettier to v3.5.1
+- *(deps)* Update node.js to 7c6b02a
+- *(deps)* Update node.js to cfef443
+- *(deps)* Update dependency prettier to v3.5.2
+- *(deps)* Update node.js to a279671
+- *(deps)* Update node.js to c3ef15a
+- *(deps)* Update node.js to 2094ac6
 - *(Dockerfile)* Update Node.js base image version
+- *(deps)* Update dependency prettier to v3.5.3
+- *(deps)* Update node.js to fab5fee
+
 ## [0.1.4] - 2025-01-24
 
 ### 🐛 Bug Fixes
 
 - *(k8s)* Update labels to adhere to best practices
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update node.js to 0e910f4
+- *(deps)* Update node.js to 99981c3
+- *(deps)* Update node.js to 4f7fb7f
+- *(deps)* Update node.js to d77c645
+- *(deps)* Update node.js to fa54405
+- *(deps)* Update node.js to ae2f3d4
+
 ## [0.1.3] - 2024-12-18
 
 ### 🐛 Bug Fixes
@@ -67,8 +211,23 @@
 
 ### ⚙️ Miscellaneous Tasks
 
+- *(deps)* Update node.js to v22
+- *(deps)* Update dependency node to v22
 - Update renovate configuration to disable auth0mock updates
+- *(deps)* Update node.js to f496dba
+- *(deps)* Update node.js to db556c2
+- *(deps)* Update node.js to f1f8564
+- *(deps)* Update node.js to 6eb1af3
+- *(deps)* Update node.js to 5c76d05
+- *(deps)* Update dependency prettier to v3.4.0
+- *(deps)* Update dependency prettier to v3.4.1
+- *(deps)* Update node.js to cb24453
+- *(deps)* Update node.js to fd453a2
+- *(deps)* Update node.js to e605a19
+- *(deps)* Update node.js to 35a5dd7
+- *(deps)* Update dependency prettier to v3.4.2
 - Remove Docker service from build stage configuration
+
 ## [0.1.2] - 2024-10-19
 
 ### 🐛 Bug Fixes
@@ -78,8 +237,10 @@
 
 ### ⚙️ Miscellaneous Tasks
 
+- *(deps)* Update dependency ingress to networking.k8s.io/v1
 - Update Dockerfile to remove warnings
 - Support issuer in openid-configuration
+
 ## [0.1.1] - 2024-10-05
 
 ### 🐛 Bug Fixes
@@ -100,7 +261,12 @@
 
 ### ⚙️ Miscellaneous Tasks
 
+- *(deps)* Update dependency prettier to v3.3.0
+- *(deps)* Update dependency prettier to v3.3.1
+- *(deps)* Update dependency prettier to v3.3.2
+- *(deps)* Update dependency prettier to v3.3.3
 - Add release flow
+
 ## [0.1.0] - 2024-04-08
 
 ### 🚀 Features
@@ -111,6 +277,7 @@
 
 - *(deps)* Update dependency express to v4.19.1
 - *(deps)* Update dependency express to v4.19.2
+
 ## [0.0.17] - 2024-03-11
 
 ### 🚀 Features
@@ -120,31 +287,68 @@
 ### 🐛 Bug Fixes
 
 - *(deps)* Update dependency express to v4.18.3
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Bump jsonwebtoken from 9.0.0 to 9.0.1
+- *(deps-dev)* Bump prettier from 2.8.8 to 3.0.0
+- *(deps)* Bump nodemon from 2.0.22 to 3.0.0
+- *(deps)* Bump nodemon from 3.0.0 to 3.0.1
+- *(deps-dev)* Bump prettier from 3.0.0 to 3.0.1
+- *(deps-dev)* Bump prettier from 3.0.1 to 3.0.2
+- *(deps-dev)* Bump prettier from 3.0.2 to 3.0.3
+- *(deps)* Bump jsonwebtoken from 9.0.1 to 9.0.2
+- *(deps-dev)* Bump prettier from 3.0.3 to 3.1.0
+- *(deps)* Bump nodemon from 3.0.1 to 3.0.2
+- *(deps-dev)* Bump prettier from 3.1.0 to 3.1.1
+- *(deps-dev)* Bump prettier from 3.1.1 to 3.2.1
+- *(deps-dev)* Bump prettier from 3.2.1 to 3.2.2
+- *(deps)* Bump nodemon from 3.0.2 to 3.0.3
+- *(deps-dev)* Bump prettier from 3.2.2 to 3.2.3
+- *(deps-dev)* Bump prettier from 3.2.3 to 3.2.4
+- *(deps-dev)* Bump prettier from 3.2.4 to 3.2.5
+- *(deps)* Bump nodemon from 3.0.3 to 3.1.0
+- *(deps)* Update dependency node to v20
+
 ## [0.0.16] - 2023-06-01
 
 ### 🚀 Features
 
 - Initial users store
+
 ## [0.0.15] - 2023-05-31
 
 ### 🐛 Bug Fixes
 
 - Return empty array
+
 ## [0.0.14] - 2023-05-31
 
 ### 🚀 Features
 
 - Remember created users
+
 ## [0.0.13] - 2023-05-02
 
 ### 🚀 Features
 
 - Add name and email to id token
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps-dev)* Bump prettier from 2.8.4 to 2.8.5
+- *(deps-dev)* Bump prettier from 2.8.5 to 2.8.6
+- *(deps)* Bump nodemon from 2.0.21 to 2.0.22
+- *(deps-dev)* Bump prettier from 2.8.6 to 2.8.7
+- *(deps-dev)* Bump prettier from 2.8.7 to 2.8.8
+- *(deps)* Bump node from 18 to 20
+
 ## [0.0.12] - 2023-03-10
 
 ### 🐛 Bug Fixes
 
 - Remove session on logout
+
 ## [0.0.11] - 2023-03-10
 
 ### 🐛 Bug Fixes
@@ -156,59 +360,87 @@
 
 - Use Docker DinD version from variable
 - Change Dependabot rebase strategy
+- *(deps)* Bump body-parser from 1.20.1 to 1.20.2
+- *(deps)* Bump nodemon from 2.0.20 to 2.0.21
 - Format code and add prettier
+
+## [0.0.10] - 2022-12-22
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Bump express from 4.18.0 to 4.18.1
+- *(deps)* Bump nodemon from 2.0.15 to 2.0.16
+- *(deps)* [security] bump ansi-regex from 4.1.0 to 4.1.1
+- *(deps)* [security] bump minimist from 1.2.0 to 1.2.6
+- *(deps)* [security] bump ini from 1.3.5 to 1.3.8
+- *(deps)* [security] bump normalize-url from 4.5.0 to 4.5.1
+- *(deps)* Bump nodemon from 2.0.16 to 2.0.18
+- *(deps)* Bump nodemon from 2.0.18 to 2.0.19
+- *(deps)* Bump nodemon from 2.0.19 to 2.0.20
+- *(deps)* Bump body-parser from 1.20.0 to 1.20.1
+- *(deps)* Bump express from 4.18.1 to 4.18.2
+- *(deps)* Bump jsonwebtoken from 8.5.1 to 9.0.0
+
 ## [0.0.9] - 2022-04-28
 
 ### 🚀 Features
 
 - Add support for client id and secret tokens
+
 ## [0.0.8] - 2022-04-26
 
 ### 🚀 Features
 
 - Add dummy-implementation of management API
+
 ## [0.0.7] - 2022-04-26
 
 ### 🐛 Bug Fixes
 
 - Use correct return-variable
+
 ## [0.0.6] - 2022-04-26
 
 ### 🐛 Bug Fixes
 
 - Make sure thumbPrint is a string
 
-### 💼 Other
-
-- *(deps)* Bump express from 4.17.3 to 4.18.0
-
 ### ⚙️ Miscellaneous Tasks
 
 - Format code
+
+### Chore
+
+- *(deps)* Bump express from 4.17.3 to 4.18.0
+
 ## [0.0.5] - 2022-04-26
 
 ### 🐛 Bug Fixes
 
 - Add custom claims to both id and access token
+
 ## [0.0.4] - 2022-04-26
 
 ### 🚀 Features
 
 - Add email custom claim
+
 ## [0.0.3] - 2022-04-26
 
 ### 🚀 Features
 
 - Add env-property for default issuer
+
 ## [0.0.2] - 2022-04-25
 
-### 💼 Other
-
-- *(deps)* Bump node from 17 to 18
-
 ### ⚙️ Miscellaneous Tasks
 
 - Change admin-handling
+
+### Chore
+
+- *(deps)* Bump node from 17 to 18
+
 ## [0.0.1] - 2022-04-19
 
 ### 🚀 Features
@@ -225,7 +457,29 @@
 - Package.json & yarn.lock to reduce vulnerabilities
 - Pipeline
 
-### 💼 Other
+### ⚙️ Miscellaneous Tasks
+
+- Add triggering of acctest
+- Add artifacts
+- Update to latest build-tools
+- Update to latest build-tools
+- Add ingress
+- Add CI workflows
+- Use buildtools version from env
+- Add dependabot config
+- *(deps)* Bump node from 12 to 16
+- *(deps)* Bump base64-url from 2.2.1 to 2.3.3
+- *(deps)* Bump buffer from 5.2.1 to 6.0.3
+- *(deps)* Bump debug from 2.6.9 to 4.3.2
+- *(deps)* Bump https-localhost from 4.1.1 to 4.7.0
+- *(deps)* Bump node-rsa from 1.0.5 to 1.1.1
+- *(deps)* Bump cookie-parser from 1.4.4 to 1.4.5
+- *(deps)* Bump nodemon from 2.0.3 to 2.0.14
+- *(deps)* Bump node from 16 to 17
+- Remove dependabot-standalone
+- Cleanup and remove acctest triggering
+
+### Chore
 
 - *(deps)* Bump nodemon from 2.0.14 to 2.0.15
 - *(deps)* Bump cookie-parser from 1.4.5 to 1.4.6
@@ -244,15 +498,4 @@
 - *(deps)* Bump node-forge from 1.3.0 to 1.3.1
 - *(deps)* Bump body-parser from 1.19.2 to 1.20.0
 
-### ⚙️ Miscellaneous Tasks
-
-- Add triggering of acctest
-- Add artifacts
-- Update to latest build-tools
-- Update to latest build-tools
-- Add ingress
-- Add CI workflows
-- Use buildtools version from env
-- Add dependabot config
-- Remove dependabot-standalone
-- Cleanup and remove acctest triggering
+<!-- generated by git-cliff -->

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.24 AS build
+FROM golang:1.26@sha256:c83e68f3ebb6943a2904fa66348867d108119890a2c6a2e6f07b38d0eb6c25c5 AS build
 
 ARG GITLAB_USER
 ARG GITLAB_TOKEN
@@ -13,7 +13,7 @@ RUN go mod download
 COPY . .
 RUN go build -ldflags="-s -w" -o /release/service ./cmd/service
 
-FROM gcr.io/distroless/static-debian12
+FROM gcr.io/distroless/static-debian12@sha256:cd64bec9cec257044ce3a8dd3620cf83b387920100332f2b041f19c4d2febf93
 
 ENV TZ=Europe/Stockholm
 ENV AUDIENCE="https://shiny.unbound.se"

auth/jwt.go

@@ -8,10 +8,10 @@ import (
 	"time"
 
 	"github.com/google/uuid"
-	"github.com/lestrrat-go/jwx/v2/jwa"
-	"github.com/lestrrat-go/jwx/v2/jwk"
-	"github.com/lestrrat-go/jwx/v2/jws"
-	"github.com/lestrrat-go/jwx/v2/jwt"
+	"github.com/lestrrat-go/jwx/v3/jwa"
+	"github.com/lestrrat-go/jwx/v3/jwk"
+	"github.com/lestrrat-go/jwx/v3/jws"
+	"github.com/lestrrat-go/jwx/v3/jwt"
 )
 
 const (
@@ -21,12 +21,12 @@ const (
 
 // JWTService handles JWT signing and JWKS generation
 type JWTService struct {
-	privateKey     *rsa.PrivateKey
-	jwkSet         jwk.Set
-	issuer         string
-	audience       string
-	adminClaim     string
-	emailClaim     string
+	privateKey *rsa.PrivateKey
+	jwkSet     jwk.Set
+	issuer     string
+	audience   string
+	adminClaim string
+	emailClaim string
 }
 
 // NewJWTService creates a new JWT service with a generated RSA key pair
@@ -38,7 +38,7 @@ func NewJWTService(issuer, audience, adminClaim, emailClaim string) (*JWTService
 	}
 
 	// Create JWK from private key
-	key, err := jwk.FromRaw(privateKey)
+	key, err := jwk.Import(privateKey)
 	if err != nil {
 		return nil, fmt.Errorf("create JWK from private key: %w", err)
 	}
@@ -48,7 +48,7 @@ func NewJWTService(issuer, audience, adminClaim, emailClaim string) (*JWTService
 	if err := key.Set(jwk.KeyIDKey, keyID); err != nil {
 		return nil, fmt.Errorf("set key ID: %w", err)
 	}
-	if err := key.Set(jwk.AlgorithmKey, jwa.RS256); err != nil {
+	if err := key.Set(jwk.AlgorithmKey, jwa.RS256()); err != nil {
 		return nil, fmt.Errorf("set algorithm: %w", err)
 	}
 	if err := key.Set(jwk.KeyUsageKey, "sig"); err != nil {
@@ -68,12 +68,12 @@ func NewJWTService(issuer, audience, adminClaim, emailClaim string) (*JWTService
 	}
 
 	return &JWTService{
-		privateKey:     privateKey,
-		jwkSet:         jwkSet,
-		issuer:         issuer,
-		audience:       audience,
-		adminClaim:     adminClaim,
-		emailClaim:     emailClaim,
+		privateKey: privateKey,
+		jwkSet:     jwkSet,
+		issuer:     issuer,
+		audience:   audience,
+		adminClaim: adminClaim,
+		emailClaim: emailClaim,
 	}, nil
 }
 
@@ -98,20 +98,20 @@ func (s *JWTService) SignToken(claims map[string]interface{}) (string, error) {
 	}
 
 	// Create JWK from private key for signing
-	key, err := jwk.FromRaw(s.privateKey)
+	key, err := jwk.Import(s.privateKey)
 	if err != nil {
 		return "", fmt.Errorf("create signing key: %w", err)
 	}
 
 	// Get key ID from JWKS
 	pubKey, _ := s.jwkSet.Key(0)
-	keyID := pubKey.KeyID()
+	keyID, _ := pubKey.KeyID()
 	if err := key.Set(jwk.KeyIDKey, keyID); err != nil {
 		return "", fmt.Errorf("set key ID: %w", err)
 	}
 
 	// Sign the token
-	signed, err := jwt.Sign(token, jwt.WithKey(jwa.RS256, key))
+	signed, err := jwt.Sign(token, jwt.WithKey(jwa.RS256(), key))
 	if err != nil {
 		return "", fmt.Errorf("sign token: %w", err)
 	}

cliff.toml

@@ -0,0 +1,80 @@
+# git-cliff ~ default configuration file
+# https://git-cliff.org/docs/configuration
+#
+# Lines starting with "#" are comments.
+# Configuration options are organized into tables and keys.
+# See documentation for more information on available options.
+
+[changelog]
+# template for the changelog header
+header = """
+# Changelog\n
+All notable changes to this project will be documented in this file.\n
+"""
+# template for the changelog body
+# https://keats.github.io/tera/docs/#introduction
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | striptags | trim | upper_first }}
+    {% for commit in commits %}
+        - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
+            {% if commit.breaking %}[**breaking**] {% endif %}\
+            {{ commit.message | upper_first }}\
+    {% endfor %}
+{% endfor %}\n
+"""
+# template for the changelog footer
+footer = """
+<!-- generated by git-cliff -->
+"""
+# remove the leading and trailing s
+trim = true
+# postprocessors
+postprocessors = [
+  # { pattern = '<REPO>', replace = "https://github.com/orhun/git-cliff" }, # replace repository URL
+]
+# render body even when there are no releases to process
+# render_always = true
+# output file path
+# output = "test.md"
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# process each line of a commit as an individual commit
+split_commits = false
+# regex for preprocessing the commit messages
+commit_preprocessors = [
+  # Replace issue numbers
+  #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))"},
+  # Check spelling of the commit with https://github.com/crate-ci/typos
+  # If the spelling is incorrect, it will be automatically fixed.
+  #{ pattern = '.*', replace_command = 'typos --write-changes -' },
+]
+# regex for parsing and grouping commits
+commit_parsers = [
+  { message = "^feat", group = "<!-- 0 -->🚀 Features" },
+  { message = "^fix", group = "<!-- 1 -->🐛 Bug Fixes" },
+  { message = "^doc", group = "<!-- 3 -->📚 Documentation" },
+  { message = "^perf", group = "<!-- 4 -->⚡ Performance" },
+  { message = "^refactor", group = "<!-- 2 -->🚜 Refactor" },
+  { message = "^style", group = "<!-- 5 -->🎨 Styling" },
+  { message = "^test", group = "<!-- 6 -->🧪 Testing" },
+  { message = "^chore\\(release\\): prepare for", skip = true },
+  { message = "^chore|^ci", group = "<!-- 7 -->⚙️ Miscellaneous Tasks" },
+  { body = ".*security", group = "<!-- 8 -->🛡️ Security" },
+  { message = "^revert", group = "<!-- 9 -->◀️ Revert" },
+]
+# filter out the commits that are not matched by commit parsers
+filter_commits = false
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "oldest"

go.mod

@@ -1,23 +1,25 @@
 module gitlab.com/unboundsoftware/auth0mock
 
-go 1.24
+go 1.24.0
 
 require (
-	github.com/alecthomas/kong v1.13.0
+	github.com/alecthomas/kong v1.14.0
 	github.com/google/uuid v1.6.0
-	github.com/lestrrat-go/jwx/v2 v2.1.6
+	github.com/lestrrat-go/jwx/v3 v3.0.13
 	github.com/rs/cors v1.11.1
 )
 
 require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.3 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.4 // indirect
+	github.com/lestrrat-go/dsig v1.0.0 // indirect
+	github.com/lestrrat-go/dsig-secp256k1 v1.0.0 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/httprc v1.0.6 // indirect
-	github.com/lestrrat-go/iter v1.0.2 // indirect
-	github.com/lestrrat-go/option v1.0.1 // indirect
-	github.com/segmentio/asm v1.2.0 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
+	github.com/lestrrat-go/httprc/v3 v3.0.2 // indirect
+	github.com/lestrrat-go/option/v2 v2.0.0 // indirect
+	github.com/segmentio/asm v1.2.1 // indirect
+	github.com/valyala/fastjson v1.6.7 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
 )

go.sum

@@ -1,7 +1,7 @@
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
-github.com/alecthomas/kong v1.13.0 h1:5e/7XC3ugvhP1DQBmTS+WuHtCbcv44hsohMgcvVxSrA=
-github.com/alecthomas/kong v1.13.0/go.mod h1:wrlbXem1CWqUV5Vbmss5ISYhsVPkBb1Yo7YKJghju2I=
+github.com/alecthomas/kong v1.14.0 h1:gFgEUZWu2ZmZ+UhyZ1bDhuutbKN1nTtJTwh19Wsn21s=
+github.com/alecthomas/kong v1.14.0/go.mod h1:wrlbXem1CWqUV5Vbmss5ISYhsVPkBb1Yo7YKJghju2I=
 github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=
 github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -15,33 +15,36 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/lestrrat-go/blackmagic v1.0.3 h1:94HXkVLxkZO9vJI/w2u1T0DAoprShFd13xtnSINtDWs=
-github.com/lestrrat-go/blackmagic v1.0.3/go.mod h1:6AWFyKNNj0zEXQYfTMPfZrAXUWUfTIZ5ECEUEJaijtw=
+github.com/lestrrat-go/blackmagic v1.0.4 h1:IwQibdnf8l2KoO+qC3uT4OaTWsW7tuRQXy9TRN9QanA=
+github.com/lestrrat-go/blackmagic v1.0.4/go.mod h1:6AWFyKNNj0zEXQYfTMPfZrAXUWUfTIZ5ECEUEJaijtw=
+github.com/lestrrat-go/dsig v1.0.0 h1:OE09s2r9Z81kxzJYRn07TFM9XA4akrUdoMwr0L8xj38=
+github.com/lestrrat-go/dsig v1.0.0/go.mod h1:dEgoOYYEJvW6XGbLasr8TFcAxoWrKlbQvmJgCR0qkDo=
+github.com/lestrrat-go/dsig-secp256k1 v1.0.0 h1:JpDe4Aybfl0soBvoVwjqDbp+9S1Y2OM7gcrVVMFPOzY=
+github.com/lestrrat-go/dsig-secp256k1 v1.0.0/go.mod h1:CxUgAhssb8FToqbL8NjSPoGQlnO4w3LG1P0qPWQm/NU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
-github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k=
-github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
-github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
-github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx/v2 v2.1.6 h1:hxM1gfDILk/l5ylers6BX/Eq1m/pnxe9NBwW6lVfecA=
-github.com/lestrrat-go/jwx/v2 v2.1.6/go.mod h1:Y722kU5r/8mV7fYDifjug0r8FK8mZdw0K0GpJw/l8pU=
-github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
-github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
+github.com/lestrrat-go/httprc/v3 v3.0.2 h1:7u4HUaD0NQbf2/n5+fyp+T10hNCsAnwKfqn4A4Baif0=
+github.com/lestrrat-go/httprc/v3 v3.0.2/go.mod h1:mSMtkZW92Z98M5YoNNztbRGxbXHql7tSitCvaxvo9l0=
+github.com/lestrrat-go/jwx/v3 v3.0.13 h1:AdHKiPIYeCSnOJtvdpipPg/0SuFh9rdkN+HF3O0VdSk=
+github.com/lestrrat-go/jwx/v3 v3.0.13/go.mod h1:2m0PV1A9tM4b/jVLMx8rh6rBl7F6WGb3EG2hufN9OQU=
+github.com/lestrrat-go/option/v2 v2.0.0 h1:XxrcaJESE1fokHy3FpaQ/cXW8ZsIdWcdFzzLOcID3Ss=
+github.com/lestrrat-go/option/v2 v2.0.0/go.mod h1:oSySsmzMoR0iRzCDCaUfsCzxQHUEuhOViQObyy7S6Vg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
 github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
-github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
-github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/segmentio/asm v1.2.1 h1:DTNbBqs57ioxAD4PrArqftgypG4/qNpXoJx8TVXxPR0=
+github.com/segmentio/asm v1.2.1/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpBM=
+github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

k8s/deploy.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: auth0mock
-          image: registry.gitlab.com/unboundsoftware/auth0mock:${COMMIT}
+          image: oci.unbound.se/unboundsoftware/auth0mock:${COMMIT}
           imagePullPolicy: "IfNotPresent"
           resources:
             requests: