Bump github.com/go-oidfed/lib from 0.8.4 to 0.10.1#79

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/github.com/go-oidfed/lib-0.10.1

dependabot bot commented on behalf of github on Apr 8, 2026

Bumps github.com/go-oidfed/lib from 0.8.4 to 0.10.1.

Release notes

Sourced from github.com/go-oidfed/lib's releases.

go-oidfed/lib 0.10.0

Breaking Changes

  • New Key Management System: Complete rewrite of the key management subsystem. The old keystorage.go, privateKeyStorage.go, privateKeyStorageSingleAlg.go, and publicKeyStorage.go have been removed and replaced with a new modular architecture under jwx/keymanagement/ with separate kms/ and public/ packages. Legacy support is available via dedicated migration helpers.
  • Logging: Replaced logrus with an internal logger across all modules. Log call sites have been updated for consistency.
  • FederationEntity refactor: Introduced Static and Dynamic FederationEntity interfaces, changing how federation entities are configured and collected.
  • Trust Mark refactor: TrustMarkIssuer now requires a TrustMarkSpecProvider instead of static configuration. A thread-safe in-memory implementation is provided.

Features

  • TrustAnchorHints support: Add support for trust_anchor_hints in federation entity configuration and processing.
  • Dynamic TrustMarkSpecProvider: Introduce a TrustMarkSpecProvider interface with a thread-safe in-memory implementation, allowing dynamic trust mark specification management.
  • Atomic trust mark refresh: Implement atomic trust mark refresh with rate limiting and exponential backoff.
  • Improved expiration logic: Refine entity configuration expiration to factor in trust marks and JWKS expiration timestamps.
  • Key management enhancements:
    • Add support for scheduling algorithm and default algorithm changes with future-dated keys.
    • Add dynamic configuration update methods for KMS.
    • Add JSON struct tags to KeyRotationConfig for serialization support.
    • Add support for additional crypto11 configuration options (SlotNumber, MaxSessions, UserType, LoginNotSupported, PoolWaitTimeout).
    • Introduce NotFoundError for clearer error handling in public key storage operations.
    • Update Unixtime handling to use pointers for nullable fields and improve SQL compatibility.
  • Entity collection: Include organization_name, organization_uri, and contacts in entity collection (fixes #135).
  • Constants: Add constants for trust mark status response content type and JWT type.

Other

  • Remove edugain-pilot example setup.
  • Update go-utils dependency.

Dependency Updates

  • Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#153)
  • Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 (#150)
  • Bump golang.org/x/text from 0.34.0 to 0.35.0 (#151)
  • Bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#152)

go-oidfed/lib 0.9.1

Bumped various dependencies

go-oidfed/lib 0.9.0

What's Changed

  • Added trust_anchor_hints to entity configuration
  • trust_chain and peer_trust_chain header parameters are now used in explicit registration and can be used in automatic registration.
  • Added option to disable cache (for testing!)
  • Added option to set a max lifetime for cache entries.
  • Bumped several dependencies

Commits

  • 3f7b406 fix: add cgo build constraint to pkcs11 KMS to allow CGO_ENABLED=0 builds
  • d39a3b2 Merge pull request #118 from go-oidfed/changes-for-lighthouse-20
  • e1e31af Merge pull request #153 from go-oidfed/dependabot/go_modules/github.com/go-jo...
  • e238fcf Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
  • 80c5e26 add support for TrustAnchorHints in federation entity configuration and proce...
  • a59bf69 fix: handle zero expiration values in federation token and JWKS processing
  • a61b6d8 include organization_name, organization_uri, and contacts in entity collectio...
  • ff6dee9 add extensive test coverage for FederationLeaf and RequestObjectProducer, inc...
  • 5334383 add extensive test coverage for trustmark verification, including entity vali...
  • 3324e55 add extensive test coverage for jwx package, including key generation, key ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/go-oidfed/lib](https://github.com/go-oidfed/lib) from 0.8.4 to 0.10.1.
- [Release notes](https://github.com/go-oidfed/lib/releases)
- [Commits](go-oidfed/lib@v0.8.4...v0.10.1)

---
updated-dependencies:
- dependency-name: github.com/go-oidfed/lib
  dependency-version: 0.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies and go labels on Apr 8, 2026