Skip to content

fix(deps): update dependency jose to v5

Ghost User requested to merge renovate/jose-5.x into main

This MR contains the following updates:

Package Type Update Change
jose dependencies major ^4.14.4 -> ^5.0.0

Release Notes

panva/jose (jose)

v5.6.3

Compare Source

Fixes
  • add sideEffects:false to nested ESM package.json files (f3aff1c)

v5.6.2

Compare Source

Refactor
  • CryptoKey normalization is not always async (b7751f5)
  • weak cache normalized CryptoKey instances (32b25a5)
Fixes
  • ensure KeyObject type in Web API encrypt/decrypt (b7920bd)

v5.6.1

Compare Source

Refactor
  • normalize is always defined for Web API runtimes (7bcb103)
Fixes

v5.6.0

Compare Source

Features
  • support KeyObject inputs in WebCryptoAPI runtimes given compatibility (e178b8f)

v5.5.0

Compare Source

Features

v5.4.1

Compare Source

Fixes
  • ensure latest release on npm is v5.x (a9b2a30)

v5.4.0

Compare Source

Features
  • expose JWT's payload in JWTClaimValidationFailed instances (58bcffb), closes #​680
Refactor
  • add explicit return types everywhere (cc2b2d7)

v5.3.0

Compare Source

Features
  • allow observing remote JWKS resolver state and its manual reload (fa8b639)
Refactor
  • if should not be the only statement in else blocks (a6b716b)

v5.2.4

Compare Source

Refactor
  • use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet (a7c566c)

v5.2.3

Compare Source

Refactor
  • move iv generation and optional outputs around (05c4351)

v5.2.2

Compare Source

Fixes
  • types: iv and tag is optional in JSON serializations (53019cd)

v5.2.1

Compare Source

Fixes
  • build: refactor export targets for browser, node cjs, and node esm builds (50cbc65)

v5.2.0

Compare Source

Features
  • extend JWT NumericDate setter syntax (ae363c3)

v5.1.3

Compare Source

v5.1.2

Compare Source

Fixes
  • do not mutate JWTVerifyOptions.requiredClaims (1bf9cec), closes #​610

v5.1.1

Compare Source

Refactor
  • deprecate the RSA1_5 JWE Algorithm (f746da1)

v5.1.0

Compare Source

Features

v5.0.2

Compare Source

Fixes
  • createRemoteJWKSet: ensure a default user-agent header is present (887dd3c), closes #​600

v5.0.1

Compare Source

Fixes
  • also use ES2020 in the CDN bundles (8c4d390)

v5.0.0

Compare Source

BREAKING CHANGES
  • Node.js: return Uint8Array (not a Buffer) from base64url.decode
  • Browser distribution is now built using ES2020 as a target
  • Node.js distribution is now built using ES2022 as a target
  • types: jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload)
  • PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use.
  • importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present.
  • End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, and 21 and future releases are the ones that remain supported.
  • The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation.
Features
  • add Date as valid input to timestamp setting functions (bd830a4)
  • default to an empty payload in JWT producing constructors (98d6ca1)
  • types: add optional Generics for JWT verify and decrypt (61bd2a0), closes #​568
Reverts
  • Revert "test: fix test under lts/erbium" (b64b6c7)
Refactor
  • Browser distribution is now built using ES2020 as a target (1836684)
  • drop support for EOL Node.js versions (b5aee54)
  • importJWK always returns a Uint8Array for symmetric key inputs (163e1b0)
  • Node.js distribution is now built using ES2022 as a target (239697a)
  • Node.js: return Uint8Array (not a Buffer) from base64url.decode (02d5182)
  • PBES2 Algorithms require explicit opt-in during verification (e2da031)
  • remove support for JWE "zip" (Compression Algorithm) Header Parameter (16998b1)
  • types: rename type parameters for the KeyLike returns (eddd400)
  • update allow list error messages (fe8114c)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Ghost User

Merge request reports