Tim-Demo / JuiceShop

MIT License
0 stars 0 forks source link

Update dependency jsonwebtoken to v9 #172

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

Package Type Update Change
jsonwebtoken dependencies major 0.4.0 -> 9.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Critical 9.8 CVE-2015-9235 #21
High 7.1 WS-2018-0096 #30
Medium 6.4 CVE-2022-23540 #153
Medium 5.9 CVE-2022-23539 #152
Medium 5.0 CVE-2022-23541 #154
Medium 4.6 CVE-2016-1000223 #7

Release Notes

auth0/node-jsonwebtoken (jsonwebtoken) ### [`v9.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#900---2022-12-21) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0) **Breaking changes: See [Migration from v8 to v9](https://redirect.github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)** ##### Breaking changes - Removed support for Node versions 11 and below. - The verify() function no longer accepts unsigned tokens by default. (\[[`8345030`](https://redirect.github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16) - RSA key size must be 2048 bits or greater. (\[[`ecdf6cc`](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6) - Key types must be valid for the signing / verification algorithm ##### Security fixes - security: fixes `Arbitrary File Write via verify function` - CVE-2022-23529 - security: fixes `Insecure default algorithm in jwt.verify() could lead to signature validation bypass` - CVE-2022-23540 - security: fixes `Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC` - CVE-2022-23541 - security: fixes `Unrestricted key type could lead to legacy keys usage` - CVE-2022-23539 ### [`v8.5.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#851---2019-03-18) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.5.0...v8.5.1) ##### Bug fix - fix: ensure correct PS signing and verification ([#​585](https://redirect.github.com/auth0/node-jsonwebtoken/issues/585)) ([e5874ae428ffc0465e6bd4e660f89f78b56a74a6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e5874ae428ffc0465e6bd4e660f89f78b56a74a6)), closes [#​585](https://redirect.github.com/auth0/node-jsonwebtoken/issues/585) ##### Docs - README: fix markdown for algorithms table ([84e03ef70f9c44a3aef95a1dc122c8238854f683](https://redirect.github.com/auth0/node-jsonwebtoken/commit/84e03ef70f9c44a3aef95a1dc122c8238854f683)) ### [`v8.5.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#850---2019-02-20) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.4.0...v8.5.0) ##### New Functionality - feat: add PS JWA support for applicable node versions ([#​573](https://redirect.github.com/auth0/node-jsonwebtoken/issues/573)) ([eefb9d9c6eec54718fa6e41306bda84788df7bec](https://redirect.github.com/auth0/node-jsonwebtoken/commit/eefb9d9c6eec54718fa6e41306bda84788df7bec)), closes [#​573](https://redirect.github.com/auth0/node-jsonwebtoken/issues/573) - Add complete option in jwt.verify ([#​522](https://redirect.github.com/auth0/node-jsonwebtoken/issues/522)) ([8737789dd330cf9e7870f4df97fd52479adbac22](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8737789dd330cf9e7870f4df97fd52479adbac22)), closes [#​522](https://redirect.github.com/auth0/node-jsonwebtoken/issues/522) ##### Test Improvements - Add tests for private claims in the payload ([#​555](https://redirect.github.com/auth0/node-jsonwebtoken/issues/555)) ([5147852896755dc1291825e2e40556f964411fb2](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5147852896755dc1291825e2e40556f964411fb2)), closes [#​555](https://redirect.github.com/auth0/node-jsonwebtoken/issues/555) - Force use_strict during testing ([#​577](https://redirect.github.com/auth0/node-jsonwebtoken/issues/577)) ([7b60c127ceade36c33ff33be066e435802001c94](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7b60c127ceade36c33ff33be066e435802001c94)), closes [#​577](https://redirect.github.com/auth0/node-jsonwebtoken/issues/577) - Refactor tests related to jti and jwtid ([#​544](https://redirect.github.com/auth0/node-jsonwebtoken/issues/544)) ([7eebbc75ab89e01af5dacf2aae90fe05a13a1454](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7eebbc75ab89e01af5dacf2aae90fe05a13a1454)), closes [#​544](https://redirect.github.com/auth0/node-jsonwebtoken/issues/544) - ci: remove nsp from tests ([#​569](https://redirect.github.com/auth0/node-jsonwebtoken/issues/569)) ([da8f55c3c7b4dd0bfc07a2df228500fdd050242a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/da8f55c3c7b4dd0bfc07a2df228500fdd050242a)), closes [#​569](https://redirect.github.com/auth0/node-jsonwebtoken/issues/569) ##### Docs - Fix 'cert' token which isn't a cert ([#​554](https://redirect.github.com/auth0/node-jsonwebtoken/issues/554)) ([0c24fe68cd2866cea6322016bf993cd897fefc98](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0c24fe68cd2866cea6322016bf993cd897fefc98)), closes [#​554](https://redirect.github.com/auth0/node-jsonwebtoken/issues/554) ### [`v8.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#840---2018-11-14) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.3.0...v8.4.0) ##### New Functionality - Add verify option for nonce validation ([#​540](https://redirect.github.com/auth0/node-jsonwebtoken/issues/540)) ([e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0)), closes [#​540](https://redirect.github.com/auth0/node-jsonwebtoken/issues/540) ##### Bug Fixes - Updating Node version in Engines spec in package.json ([#​528](https://redirect.github.com/auth0/node-jsonwebtoken/issues/528)) ([cfd1079305170a897dee6a5f55039783e6ee2711](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cfd1079305170a897dee6a5f55039783e6ee2711)), closes [#​528](https://redirect.github.com/auth0/node-jsonwebtoken/issues/528) [#​509](https://redirect.github.com/auth0/node-jsonwebtoken/issues/509) - Fixed error message when empty string passed as expiresIn or notBefore option ([#​531](https://redirect.github.com/auth0/node-jsonwebtoken/issues/531)) ([7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76)), closes [#​531](https://redirect.github.com/auth0/node-jsonwebtoken/issues/531) ##### Docs - Update README.md ([#​527](https://redirect.github.com/auth0/node-jsonwebtoken/issues/527)) ([b76f2a80f5229ee5cde321dd2ff14aa5df16d283](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b76f2a80f5229ee5cde321dd2ff14aa5df16d283)), closes [#​527](https://redirect.github.com/auth0/node-jsonwebtoken/issues/527) - Update README.md ([#​538](https://redirect.github.com/auth0/node-jsonwebtoken/issues/538)) ([1956c4006472fd285b8a85074257cbdbe9131cbf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1956c4006472fd285b8a85074257cbdbe9131cbf)), closes [#​538](https://redirect.github.com/auth0/node-jsonwebtoken/issues/538) - Edited the README.md to make certain parts of the document for the api easier to read, emphasizing the examples. ([#​548](https://redirect.github.com/auth0/node-jsonwebtoken/issues/548)) ([dc89a641293d42f72ecfc623ce2eabc33954cb9d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dc89a641293d42f72ecfc623ce2eabc33954cb9d)), closes [#​548](https://redirect.github.com/auth0/node-jsonwebtoken/issues/548) - Document NotBeforeError ([#​529](https://redirect.github.com/auth0/node-jsonwebtoken/issues/529)) ([29cd654b956529e939ae8f8c30b9da7063aad501](https://redirect.github.com/auth0/node-jsonwebtoken/commit/29cd654b956529e939ae8f8c30b9da7063aad501)), closes [#​529](https://redirect.github.com/auth0/node-jsonwebtoken/issues/529) ##### Test Improvements - Use lolex for faking date in tests ([#​491](https://redirect.github.com/auth0/node-jsonwebtoken/issues/491)) ([677ead6d64482f2067b11437dda07309abe73cfa](https://redirect.github.com/auth0/node-jsonwebtoken/commit/677ead6d64482f2067b11437dda07309abe73cfa)), closes [#​491](https://redirect.github.com/auth0/node-jsonwebtoken/issues/491) - Update dependencies used for running tests ([#​518](https://redirect.github.com/auth0/node-jsonwebtoken/issues/518)) ([5498bdc4865ffb2ba2fd44d889fad7e83873bb33](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5498bdc4865ffb2ba2fd44d889fad7e83873bb33)), closes [#​518](https://redirect.github.com/auth0/node-jsonwebtoken/issues/518) - Minor test refactoring for recently added tests ([#​504](https://redirect.github.com/auth0/node-jsonwebtoken/issues/504)) ([e2860a9d2a412627d79741a95bc7159971b923b9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e2860a9d2a412627d79741a95bc7159971b923b9)), closes [#​504](https://redirect.github.com/auth0/node-jsonwebtoken/issues/504) - Create and implement async/sync test helpers ([#​523](https://redirect.github.com/auth0/node-jsonwebtoken/issues/523)) ([683d8a9b31ad6327948f84268bd2c8e4350779d1](https://redirect.github.com/auth0/node-jsonwebtoken/commit/683d8a9b31ad6327948f84268bd2c8e4350779d1)), closes [#​523](https://redirect.github.com/auth0/node-jsonwebtoken/issues/523) - Refactor tests related to audience and aud ([#​503](https://redirect.github.com/auth0/node-jsonwebtoken/issues/503)) ([53d405e0223cce7c83cb51ecf290ca6bec1e9679](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53d405e0223cce7c83cb51ecf290ca6bec1e9679)), closes [#​503](https://redirect.github.com/auth0/node-jsonwebtoken/issues/503) - Refactor tests related to expiresIn and exp ([#​501](https://redirect.github.com/auth0/node-jsonwebtoken/issues/501)) ([72f0d9e5b11a99082250665d1200c58182903fa6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/72f0d9e5b11a99082250665d1200c58182903fa6)), closes [#​501](https://redirect.github.com/auth0/node-jsonwebtoken/issues/501) - Refactor tests related to iat and maxAge ([#​507](https://redirect.github.com/auth0/node-jsonwebtoken/issues/507)) ([877bd57ab2aca9b7d230805b21f921baed3da169](https://redirect.github.com/auth0/node-jsonwebtoken/commit/877bd57ab2aca9b7d230805b21f921baed3da169)), closes [#​507](https://redirect.github.com/auth0/node-jsonwebtoken/issues/507) - Refactor tests related to iss and issuer ([#​543](https://redirect.github.com/auth0/node-jsonwebtoken/issues/543)) ([0906a3fa80f52f959ac1b6343d3024ce5c7e9dea](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0906a3fa80f52f959ac1b6343d3024ce5c7e9dea)), closes [#​543](https://redirect.github.com/auth0/node-jsonwebtoken/issues/543) - Refactor tests related to kid and keyid ([#​545](https://redirect.github.com/auth0/node-jsonwebtoken/issues/545)) ([88645427a0adb420bd3e149199a2a6bf1e17277e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/88645427a0adb420bd3e149199a2a6bf1e17277e)), closes [#​545](https://redirect.github.com/auth0/node-jsonwebtoken/issues/545) - Refactor tests related to notBefore and nbf ([#​497](https://redirect.github.com/auth0/node-jsonwebtoken/issues/497)) ([39adf87a6faef3df984140f88e6724ddd709fd89](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39adf87a6faef3df984140f88e6724ddd709fd89)), closes [#​497](https://redirect.github.com/auth0/node-jsonwebtoken/issues/497) - Refactor tests related to subject and sub ([#​505](https://redirect.github.com/auth0/node-jsonwebtoken/issues/505)) ([5a7fa23c0b4ac6c25304dab8767ef840b43a0eca](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5a7fa23c0b4ac6c25304dab8767ef840b43a0eca)), closes [#​505](https://redirect.github.com/auth0/node-jsonwebtoken/issues/505) - Implement async/sync tests for exp claim ([#​536](https://redirect.github.com/auth0/node-jsonwebtoken/issues/536)) ([9ae3f207ac64b7450ea0a3434418f5ca58d8125e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9ae3f207ac64b7450ea0a3434418f5ca58d8125e)), closes [#​536](https://redirect.github.com/auth0/node-jsonwebtoken/issues/536) - Implement async/sync tests for nbf claim ([#​537](https://redirect.github.com/auth0/node-jsonwebtoken/issues/537)) ([88bc965061ed65299a395f42a100fb8f8c3c683e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/88bc965061ed65299a395f42a100fb8f8c3c683e)), closes [#​537](https://redirect.github.com/auth0/node-jsonwebtoken/issues/537) - Implement async/sync tests for sub claim ([#​534](https://redirect.github.com/auth0/node-jsonwebtoken/issues/534)) ([342b07bb105a35739eb91265ba5b9dd33c300fc6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/342b07bb105a35739eb91265ba5b9dd33c300fc6)), closes [#​534](https://redirect.github.com/auth0/node-jsonwebtoken/issues/534) - Implement async/sync tests for the aud claim ([#​535](https://redirect.github.com/auth0/node-jsonwebtoken/issues/535)) ([1c8ff5a68e6da73af2809c9d87faaf78602c99bb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1c8ff5a68e6da73af2809c9d87faaf78602c99bb)), closes [#​535](https://redirect.github.com/auth0/node-jsonwebtoken/issues/535) ##### CI - Added Istanbul to check test-coverage ([#​468](https://redirect.github.com/auth0/node-jsonwebtoken/issues/468)) ([9676a8306428a045e34c3987bd0680fb952b44e3](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9676a8306428a045e34c3987bd0680fb952b44e3)), closes [#​468](https://redirect.github.com/auth0/node-jsonwebtoken/issues/468) - Complete ESLint conversion and cleanup ([#​490](https://redirect.github.com/auth0/node-jsonwebtoken/issues/490)) ([cb1d2e1e40547f7ecf29fa6635041df6cbba7f40](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cb1d2e1e40547f7ecf29fa6635041df6cbba7f40)), closes [#​490](https://redirect.github.com/auth0/node-jsonwebtoken/issues/490) - Make code-coverage mandatory when running tests ([#​495](https://redirect.github.com/auth0/node-jsonwebtoken/issues/495)) ([fb0084a78535bfea8d0087c0870e7e3614a2cbe5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/fb0084a78535bfea8d0087c0870e7e3614a2cbe5)), closes [#​495](https://redirect.github.com/auth0/node-jsonwebtoken/issues/495) ### [`v8.3.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#830---2018-06-11) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.2...v8.3.0) - docs: add some clarifications ([#​473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473)) ([cd33cc81f06068b9df6c224d300dc6f70d8904ab](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cd33cc81f06068b9df6c224d300dc6f70d8904ab)), closes [#​473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473) - ci: fix ci execution, remove not needed script ([#​472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472)) ([c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5)), closes [#​472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472) - new feature: Secret callback revisited ([#​480](https://redirect.github.com/auth0/node-jsonwebtoken/issues/480)) ([d01cc7bcbdeb606d997a580f967b3169fcc622ba](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d01cc7bcbdeb606d997a580f967b3169fcc622ba)), closes [#​480](https://redirect.github.com/auth0/node-jsonwebtoken/issues/480) - docs:Update README.md ([#​461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461)) ([f0e0954505f274da95a8d9603598e455b4d2c894](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f0e0954505f274da95a8d9603598e455b4d2c894)), closes [#​461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461) ### [`v8.2.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#822---2018-05-30) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.1...v8.2.2) - security: deps: jws@3.1.5 ([#​477](https://redirect.github.com/auth0/node-jsonwebtoken/issues/477)) ([ebde9b7cc75cb7ab5176de7ebc4a1d6a8f05bd51](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ebde9b7cc75cb7ab5176de7ebc4a1d6a8f05bd51)), closes [#​465](https://redirect.github.com/auth0/node-jsonwebtoken/issues/465) - docs: add some clarifications ([#​473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473)) ([cd33cc81f06068b9df6c224d300dc6f70d8904ab](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cd33cc81f06068b9df6c224d300dc6f70d8904ab)), closes [#​473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473) - ci: fix ci execution, remove not needed script ([#​472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472)) ([c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5)), closes [#​472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472) - docs: Update README.md ([#​461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461)) ([f0e0954505f274da95a8d9603598e455b4d2c894](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f0e0954505f274da95a8d9603598e455b4d2c894)), closes [#​461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461) ### [`v8.2.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#821---2018-04-05) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.0...v8.2.1) - bug fix: Check payload is not null when decoded. ([#​444](https://redirect.github.com/auth0/node-jsonwebtoken/issues/444)) ([1232ae9352ce5fd1ca6c593291ce6ad0834a1ff5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1232ae9352ce5fd1ca6c593291ce6ad0834a1ff5)) - docs: Clarify that buffer/string payloads must be JSON ([#​442](https://redirect.github.com/auth0/node-jsonwebtoken/issues/442)) ([e8ac1be7565a3fd986d40cb5e31a9f6c4d9aed1b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e8ac1be7565a3fd986d40cb5e31a9f6c4d9aed1b)) ### [`v8.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#820---2018-03-02) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.1.1...v8.2.0) - Add a new mutatePayload option ([#​446](https://redirect.github.com/auth0/node-jsonwebtoken/issues/446)) ([d6d7c5e5103f05a92d3633ac190d3025a0455be0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d6d7c5e5103f05a92d3633ac190d3025a0455be0)) ### [`v8.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#811---2018-01-22) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.1.0...v8.1.1) - ci: add newer node versions to build matrix ([#​428](https://redirect.github.com/auth0/node-jsonwebtoken/issues/428)) ([83f3eee44e122da06f812d7da4ace1fa26c24d9d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/83f3eee44e122da06f812d7da4ace1fa26c24d9d)) - deps: Bump ms version to add support for negative numbers ([#​438](https://redirect.github.com/auth0/node-jsonwebtoken/issues/438)) ([25e0e624545eaef76f3c324a134bf103bc394724](https://redirect.github.com/auth0/node-jsonwebtoken/commit/25e0e624545eaef76f3c324a134bf103bc394724)) - docs: Minor typo ([#​424](https://redirect.github.com/auth0/node-jsonwebtoken/issues/424)) ([dddcb73ac05de11b81feeb629f6cf78dd03d2047](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dddcb73ac05de11b81feeb629f6cf78dd03d2047)) - bug fix: Not Before (nbf) calculated based on iat/timestamp ([#​437](https://redirect.github.com/auth0/node-jsonwebtoken/issues/437)) ([2764a64908d97c043d62eba0bf6c600674f9a6d6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/2764a64908d97c043d62eba0bf6c600674f9a6d6)), closes [#​435](https://redirect.github.com/auth0/node-jsonwebtoken/issues/435) ### [`v8.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#810---2017-10-09) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.0.1...v8.1.0) - [#​402](https://redirect.github.com/auth0/node-jsonwebtoken/issues/402): Don't fail if captureStackTrace is not a function ([#​410](https://redirect.github.com/auth0/node-jsonwebtoken/issues/410)) ([77ee965d9081faaf21650f266399f203f69533c5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/77ee965d9081faaf21650f266399f203f69533c5)) - [#​403](https://redirect.github.com/auth0/node-jsonwebtoken/issues/403): Clarify error wording for "Expected object" error. ([#​409](https://redirect.github.com/auth0/node-jsonwebtoken/issues/409)) ([bb27eb346f0ff675a320b2de16b391a7cfeadc58](https://redirect.github.com/auth0/node-jsonwebtoken/commit/bb27eb346f0ff675a320b2de16b391a7cfeadc58)) - Enhance audience check to verify against regular expressions ([#​398](https://redirect.github.com/auth0/node-jsonwebtoken/issues/398)) ([81501a17da230af7b74a3f7535ab5cd3a19c8315](https://redirect.github.com/auth0/node-jsonwebtoken/commit/81501a17da230af7b74a3f7535ab5cd3a19c8315)) ### [`v8.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#801---2017-09-12) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.0.0...v8.0.1) - Remove `lodash.isarray` dependency ([#​394](https://redirect.github.com/auth0/node-jsonwebtoken/issues/394)) ([7508e8957cb1c778f72fa9a363a7b135b3c9c36d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7508e8957cb1c778f72fa9a363a7b135b3c9c36d)) ### [`v8.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#800---2017-09-06) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.3...v8.0.0) **Breaking changes: See [Migration notes from v7](https://redirect.github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v7-to-v8)** - docs: readme, migration notes ([12cd8f7f47224f904f6b8f39d1dee73775de4f6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/12cd8f7f47224f904f6b8f39d1dee73775de4f6f)) - verify: remove process.nextTick ([#​302](https://redirect.github.com/auth0/node-jsonwebtoken/issues/302)) ([3305cf04e3f674b9fb7e27c9b14ddd159650ff82](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3305cf04e3f674b9fb7e27c9b14ddd159650ff82)) - Reduce size of NPM package ([#​347](https://redirect.github.com/auth0/node-jsonwebtoken/issues/347)) ([0be5409ac6592eeaae373dce91ec992fa101bd8a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0be5409ac6592eeaae373dce91ec992fa101bd8a)) - Remove joi to shrink module size ([#​348](https://redirect.github.com/auth0/node-jsonwebtoken/issues/348)) ([2e7e68dbd59e845cdd940afae0a296f48438445f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/2e7e68dbd59e845cdd940afae0a296f48438445f)) - maxAge: Add validation to timespan result ([66a4f8b996c8357727ce62a84605a005b2f5eb18](https://redirect.github.com/auth0/node-jsonwebtoken/commit/66a4f8b996c8357727ce62a84605a005b2f5eb18)) ### [`v7.4.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#743---2017-08-17) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.2...v7.4.3) - Fix breaking change on 7.4.2 for empty secret + "none" algorithm (sync code style) ([PR 386](https://redirect.github.com/auth0/node-jsonwebtoken/pull/386)) ### [`v7.4.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#742---2017-08-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.1...v7.4.2) - bugfix: sign: add check to be sure secret has a value ([c584d1cbc34b788977b36f17cd57ab2212f1230e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c584d1cbc34b788977b36f17cd57ab2212f1230e)) - docs: about refreshing tokens ([016fc10b847bfbb76b82171cb530f32d7da2001b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/016fc10b847bfbb76b82171cb530f32d7da2001b)) - docs: verifying with base64 encoded secrets ([c25e9906801f89605080cc71b3ee23a5e45a5811](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c25e9906801f89605080cc71b3ee23a5e45a5811)) - tests: Add tests for ES256 ([89900ea00735f76b04f437c9f542285b420fa9cb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/89900ea00735f76b04f437c9f542285b420fa9cb)) - docs: document keyid as option ([#​361](https://redirect.github.com/auth0/node-jsonwebtoken/issues/361)) ([00086c2c006d7fc1a47bae02fa87d194d79aa558](https://redirect.github.com/auth0/node-jsonwebtoken/commit/00086c2c006d7fc1a47bae02fa87d194d79aa558)) - docs: readme: Using private key with passpharase ([#​353](https://redirect.github.com/auth0/node-jsonwebtoken/issues/353)) ([27a7f1d4f35b662426ff0270526d48658da4c8b7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/27a7f1d4f35b662426ff0270526d48658da4c8b7)) ### [`v7.4.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#741---2017-05-17) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.0...v7.4.1) - bump ms to v2 due a ReDoS vulnerability ([#​352](https://redirect.github.com/auth0/node-jsonwebtoken/issues/352)) ([adcfd6ae4088c838769d169f8cd9154265aa13e0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/adcfd6ae4088c838769d169f8cd9154265aa13e0)) ### [`v7.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#740---2017-04-24) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.3.0...v7.4.0) - Add docs about numeric date fields ([659f73119900a4d837650d9b3f5af4e64a2f843b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/659f73119900a4d837650d9b3f5af4e64a2f843b)) - Make Options object optional for callback-ish sign ([e202c4fd00c35a24e9ab606eab89186ade13d0cc](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e202c4fd00c35a24e9ab606eab89186ade13d0cc)) ### [`v7.3.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#730---2017-02-13) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.2.1...v7.3.0) - Add more information to `maxAge` option in README ([1b0592e99cc8def293eed177e2575fa7f1cf7aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b0592e99cc8def293eed177e2575fa7f1cf7aa5)) - Add `clockTimestamp` option to `verify()` you can set the current time in seconds with it ([#​274](https://redirect.github.com/auth0/node-jsonwebtoken/issues/274)) ([8fdc1504f4325e7003894ffea078da9cba5208d9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8fdc1504f4325e7003894ffea078da9cba5208d9)) - Fix handling non string tokens on `verify()` input ([#​305](https://redirect.github.com/auth0/node-jsonwebtoken/issues/305)) ([1b6ec8d466504f58c5a6e2dae3360c828bad92fb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b6ec8d466504f58c5a6e2dae3360c828bad92fb)), closes [#​305](https://redirect.github.com/auth0/node-jsonwebtoken/issues/305) - Fixed a simple typo in docs ([#​287](https://redirect.github.com/auth0/node-jsonwebtoken/issues/287)) ([a54240384e24e18c00e75884295306db311d0cb7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/a54240384e24e18c00e75884295306db311d0cb7)), closes [#​287](https://redirect.github.com/auth0/node-jsonwebtoken/issues/287) - Raise jws.decode error to avoid confusion with "invalid token" error ([#​294](https://redirect.github.com/auth0/node-jsonwebtoken/issues/294)) ([7f68fe06c88d5c5653785bd66bc68c5b20e1bd8e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7f68fe06c88d5c5653785bd66bc68c5b20e1bd8e)) - rauchg/ms.js changed to zeit/ms ([#​303](https://redirect.github.com/auth0/node-jsonwebtoken/issues/303)) ([35d84152a6b716d757cb5b1dd3c79fe3a1bc0628](https://redirect.github.com/auth0/node-jsonwebtoken/commit/35d84152a6b716d757cb5b1dd3c79fe3a1bc0628)) ### [`v7.2.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#721---2016-12-07) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.2.0...v7.2.1) - add nsp check to find vulnerabilities on npm test ([4219c34b5346811c07f520f10516cc495bcc70dd](https://redirect.github.com/auth0/node-jsonwebtoken/commit/4219c34b5346811c07f520f10516cc495bcc70dd)) - revert to joi@^6 to keep ES5 compatibility ([51d4796c07344bf817687f7ccfeef78f00bf5b4f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/51d4796c07344bf817687f7ccfeef78f00bf5b4f)) ### [`v7.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#720---2016-12-06) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.10...v7.2.0) - improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0)) - Restructured a sentence ([ccc7610187a862f7a50177eadc9152eef26cd065](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ccc7610187a862f7a50177eadc9152eef26cd065)) - Allow `keyid` on `sign`. ([b412be91b89acb3a742bb609d3b54e47e1dfc441](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b412be91b89acb3a742bb609d3b54e47e1dfc441)) - upgrade joi ([715e3d928023d414d45c6dc3f096a7c8448139ae](https://redirect.github.com/auth0/node-jsonwebtoken/commit/715e3d928023d414d45c6dc3f096a7c8448139ae)) - upgrade to latest nodes and Travis infrastructure ([3febcc1dd23ecdec1abbf89313959941d15eb47a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3febcc1dd23ecdec1abbf89313959941d15eb47a)) ### [`v7.1.10`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#7110---2016-12-06) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.9...v7.1.10) - Bump node-jws version number ([07813dd7194630c9f452684279178af76464a759](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07813dd7194630c9f452684279178af76464a759)) - improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0)) ### [`v7.1.9`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#719---2016-08-11) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.8...v7.1.9) - Revert "Merge branch 'venatir-master'" ([d06359ef3b4e619680e043ee7c16adda16598f52](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d06359ef3b4e619680e043ee7c16adda16598f52)) ### [`v7.1.8`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#718---2016-08-10) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.7...v7.1.8) - Fixed tests, however typ: 'JWT' should not be in the options at all, so please review other tests ([01903bcdc61b4ed429acbbd1fe0ffe0db364473b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/01903bcdc61b4ed429acbbd1fe0ffe0db364473b)) - Removing unnecessary extra decoding. jwtString is already verified as valid and signature checked ([55d5834f7b637011e1d8b927ff78a92a5fd521cf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/55d5834f7b637011e1d8b927ff78a92a5fd521cf)) - update changelog ([5117aacd0118a10331889a64e61d8186112d8a23](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5117aacd0118a10331889a64e61d8186112d8a23)) ### [`v7.1.7`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#717---2016-07-29) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.6...v7.1.7) - Use lodash.once instead of unlicensed/unmaintained cb ([3ac95ad93ef3068a64e03d8d14deff231b1ed529](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3ac95ad93ef3068a64e03d8d14deff231b1ed529)) ### [`v7.1.6`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#716---2016-07-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.5...v7.1.6) - fix issue with buffer payload. closes [#​216](https://redirect.github.com/auth0/node-jsonwebtoken/issues/216) ([6b50ff324b4dfd2cb0e49b666f14a6672d015b22](https://redirect.github.com/auth0/node-jsonwebtoken/commit/6b50ff324b4dfd2cb0e49b666f14a6672d015b22)), closes [#​216](https://redirect.github.com/auth0/node-jsonwebtoken/issues/216) ### [`v7.1.5`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#715---2016-07-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.3...v7.1.5) - update jws in package.json ([b6260951eefc68aae5f4ede359210761f901ff7a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b6260951eefc68aae5f4ede359210761f901ff7a)) ### [`v7.1.3`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.1...v7.1.3) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.1...v7.1.3) ### [`v7.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#7110---2016-12-06) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.0...v7.1.1) - Bump node-jws version number ([07813dd7194630c9f452684279178af76464a759](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07813dd7194630c9f452684279178af76464a759)) - improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0)) ### [`v7.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#710---2016-07-12) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.1...v7.1.0) - Exp calculated based on iat. fix [#​217](https://redirect.github.com/auth0/node-jsonwebtoken/issues/217) ([757a16e0e35ad19f9e456820f55d5d9f3fc76aee](https://redirect.github.com/auth0/node-jsonwebtoken/commit/757a16e0e35ad19f9e456820f55d5d9f3fc76aee)), closes [#​217](https://redirect.github.com/auth0/node-jsonwebtoken/issues/217) ### [`v7.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.0...v7.0.1) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.0...v7.0.1) ### [`v7.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#700---2016-05-19) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.2.0...v7.0.0) - change jwt.sign to return errors on callback instead of throwing errors ([1e46c5a42aa3dab8478efa4081d8f8f5c5485d56](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1e46c5a42aa3dab8478efa4081d8f8f5c5485d56)) ### [`v6.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#620---2016-04-29) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.2...v6.2.0) - add support for `options.clockTolerance` to `jwt.verify` ([65ddea934f226bf06bc9d6a55be9587515cfc38d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/65ddea934f226bf06bc9d6a55be9587515cfc38d)) ### [`v6.1.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#612---2016-04-29) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.1...v6.1.2) - fix sign method for node.js 0.12. closes [#​193](https://redirect.github.com/auth0/node-jsonwebtoken/issues/193) ([9c38374142d3929be3c9314b5e9bc5d963c5955f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9c38374142d3929be3c9314b5e9bc5d963c5955f)), closes [#​193](https://redirect.github.com/auth0/node-jsonwebtoken/issues/193) - improve async test ([7b0981380ddc40a5f1208df520631785b5ffb85a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7b0981380ddc40a5f1208df520631785b5ffb85a)) ### [`v6.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.0...v6.1.1) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.0...v6.1.1) ### [`v6.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#610---2016-04-27) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.0.1...v6.1.0) - verify unsigned tokens ([ec880791c10ed5ef7c8df7bf28ebb95c810479ed](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ec880791c10ed5ef7c8df7bf28ebb95c810479ed)) ### [`v6.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#601---2016-04-27) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.0.0...v6.0.1) This was an immediate change after publishing 6.0.0. - throw error on invalid options when the payload is not an object ([304f1b33075f79ed66f784e27dc4f5307aa39e27](https://redirect.github.com/auth0/node-jsonwebtoken/commit/304f1b33075f79ed66f784e27dc4f5307aa39e27)) ### [`v6.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#600---2016-04-27) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.7.0...v6.0.0) - Change .sign to standard async callback ([50873c7d45d2733244d5da8afef3d1872e657a60](https://redirect.github.com/auth0/node-jsonwebtoken/commit/50873c7d45d2733244d5da8afef3d1872e657a60)) - Improved the options for the `sign` method ([53c3987b3cc34e95eb396b26fc9b051276e2f6f9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53c3987b3cc34e95eb396b26fc9b051276e2f6f9)) - throw error on invalid options like `expiresIn` when the payload is not an object ([304f1b33075f79ed66f784e27dc4f5307aa39e27](https://redirect.github.com/auth0/node-jsonwebtoken/commit/304f1b33075f79ed66f784e27dc4f5307aa39e27)) - `expiresInMinutes` and `expiresInSeconds` are deprecated and no longer supported. - `notBeforeInMinutes` and `notBeforeInSeconds` are deprecated and no longer supported. - `options` are strongly validated. - `options.expiresIn`, `options.notBefore`, `options.audience`, `options.issuer`, `options.subject` and `options.jwtid` are mutually exclusive with `payload.exp`, `payload.nbf`, `payload.aud`, `payload.iss` - `options.algorithm` is properly validated. - `options.headers` is renamed to `options.header`. - update CHANGELOG to reflect most of the changes. closes [#​136](https://redirect.github.com/auth0/node-jsonwebtoken/issues/136) ([b87a1a8d2e2533fbfab518765a54f00077918eb7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b87a1a8d2e2533fbfab518765a54f00077918eb7)), closes [#​136](https://redirect.github.com/auth0/node-jsonwebtoken/issues/136) - update readme ([53a88ecf4494e30e1d62a1cf3cc354650349f486](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53a88ecf4494e30e1d62a1cf3cc354650349f486)) ### [`v5.7.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#570---2016-02-16) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.2...v5.7.0) - add support for validating multiples issuers. closes [#​163](https://redirect.github.com/auth0/node-jsonwebtoken/issues/163) ([39d9309ae05648dbd72e5fd1993df064ad0e8fa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39d9309ae05648dbd72e5fd1993df064ad0e8fa5)), closes [#​163](https://redirect.github.com/auth0/node-jsonwebtoken/issues/163) ### [`v5.6.2`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.0...v5.6.2) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.0...v5.6.2) ### [`v5.6.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#560---2016-02-16) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.4...v5.6.0) - added missing validations of sub and jti ([a1affe960d0fc52e9042bcbdedb65734f8855580](https://redirect.github.com/auth0/node-jsonwebtoken/commit/a1affe960d0fc52e9042bcbdedb65734f8855580)) - Fix tests in jwt.rs.tests.js which causes 4 to fail ([8aedf2b1f575b0d9575c1fc9f2ac7bc868f75ff1](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8aedf2b1f575b0d9575c1fc9f2ac7bc868f75ff1)) - Update README.md ([349b7cd00229789b138928ca060d3ef015aedaf9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/349b7cd00229789b138928ca060d3ef015aedaf9)) ### [`v5.5.4`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#554---2016-01-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.3...v5.5.4) - minor ([46552e7c45025c76e3f647680d7539a66bfac612](https://redirect.github.com/auth0/node-jsonwebtoken/commit/46552e7c45025c76e3f647680d7539a66bfac612)) ### [`v5.5.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#553---2016-01-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.2...v5.5.3) - add a console.warn on invalid options for string payloads ([71200f14deba0533d3261266348338fac2d14661](https://redirect.github.com/auth0/node-jsonwebtoken/commit/71200f14deba0533d3261266348338fac2d14661)) - minor ([65b1f580382dc58dd3da6f47a52713776fd7cdf2](https://redirect.github.com/auth0/node-jsonwebtoken/commit/65b1f580382dc58dd3da6f47a52713776fd7cdf2)) ### [`v5.5.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#552---2016-01-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.1...v5.5.2) - fix signing method with sealed objects, do not modify the params object. closes [#​147](https://redirect.github.com/auth0/node-jsonwebtoken/issues/147) ([be9c09af83b09c9e72da8b2c6166fa51d92aeab6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/be9c09af83b09c9e72da8b2c6166fa51d92aeab6)), closes [#​147](https://redirect.github.com/auth0/node-jsonwebtoken/issues/147) ### [`v5.5.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#551---2016-01-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.0...v5.5.1) - fix nbf verification. fix [#​152](https://redirect.github.com/auth0/node-jsonwebtoken/issues/152) ([786d37b299c67771b5e71a2ca476666ab0f97d98](https://redirect.github.com/auth0/node-jsonwebtoken/commit/786d37b299c67771b5e71a2ca476666ab0f97d98)), closes [#​152](https://redirect.github.com/auth0/node-jsonwebtoken/issues/152) ### [`v5.5.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#550---2015-12-28) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/eb272d6da05b7d19d24a5e749cf026ac2b413abf...v5.5.0) - improvements to nbf and jti claims ([46372e928f6d2e7398f9b88022ca617d2a3b0699](https://redirect.github.com/auth0/node-jsonwebtoken/commit/46372e928f6d2e7398f9b88022ca617d2a3b0699)) - Remove duplicate payload line (fix bug in IE strict mode) ([8163d698e0c5ad8c44817a5dcd42a15d7e9c6bc8](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8163d698e0c5ad8c44817a5dcd42a15d7e9c6bc8)) - Remove duplicate require('ms') line ([7c00bcbcbf8f7503a1070b394a165eccd41de66f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7c00bcbcbf8f7503a1070b394a165eccd41de66f)) - Update README to reflect addition of async sign ([d661d4b6f68eb417834c99b36769444723041ccf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d661d4b6f68eb417834c99b36769444723041ccf)) ### [`v5.4.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.4.0...eb272d6da05b7d19d24a5e749cf026ac2b413abf) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.4.0...eb272d6da05b7d19d24a5e749cf026ac2b413abf) ### [`v5.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#540---2015-10-02) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.3.1...v5.4.0) - deprecate expireInMinutes and expireInSeconds - in favor of expiresIn ([39ecc6f8f310f8462e082f1d53de0b4222b29b6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39ecc6f8f310f8462e082f1d53de0b4222b29b6f)) ### [`v5.3.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/7e8292e768bd3865d10dad333e6bb750a64dda7e...v5.3.1) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/7e8292e768bd3865d10dad333e6bb750a64dda7e...v5.3.1) ### [`v5.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.1.0...7e8292e768bd3865d10dad333e6bb750a64dda7e) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.1.0...7e8292e768bd3865d10dad333e6bb750a64dda7e) ### [`v5.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#510---2015-10-02) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.5...v5.1.0) - added async signing ([9414fbcb15a1f9cf4fe147d070e9424c547dabba](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9414fbcb15a1f9cf4fe147d070e9424c547dabba)) - Update README.md ([40b2aaaa843442dfb8ee7b574f0a788177e7c904](https://redirect.github.com/auth0/node-jsonwebtoken/commit/40b2aaaa843442dfb8ee7b574f0a788177e7c904)) ### [`v5.0.5`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#505---2015-08-19) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.4...v5.0.5) - add ms dep to package.json ([f13b3fb7f29dff787e7c91ebe2eb5adeeb05f251](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f13b3fb7f29dff787e7c91ebe2eb5adeeb05f251)) - add note to explain, related to [#​96](https://redirect.github.com/auth0/node-jsonwebtoken/issues/96) [#​101](https://redirect.github.com/auth0/node-jsonwebtoken/issues/101) [#​6](https://redirect.github.com/auth0/node-jsonwebtoken/issues/6) ([dd8969e0e6ed0bcb9cae905d2b1a96476bd85da3](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dd8969e0e6ed0bcb9cae905d2b1a96476bd85da3)) - add tests for options.headers ([7787dd74e705787c39a871ca29c75a2e0a3948ac](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7787dd74e705787c39a871ca29c75a2e0a3948ac)) - add tests for verify expires ([d7c5793d98c300603440ab460c11665f661ad3a0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d7c5793d98c300603440ab460c11665f661ad3a0)) - add verify option maxAge (with tests) ([49d54e54f7e70b1c53a2e4ee67e116c907d75319](https://redirect.github.com/auth0/node-jsonwebtoken/commit/49d54e54f7e70b1c53a2e4ee67e116c907d75319)) - fix spelling error in error message ([8078b11b224fa05ac9003ca5aa2c85e9f0128cfb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8078b11b224fa05ac9003ca5aa2c85e9f0128cfb)) - Fix typo options.header is not a documented option + ([5feaa5b962ccbddeff054817a410f7b0c1e6ce7f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5feaa5b962ccbddeff054817a410f7b0c1e6ce7f)) - update JWT spec link. closes [#​112](https://redirect.github.com/auth0/node-jsonwebtoken/issues/112) ([f5fa50f797456a12240589161835c7ea30807195](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f5fa50f797456a12240589161835c7ea30807195)), closes [#​112](https://redirect.github.com/auth0/node-jsonwebtoken/issues/112) ### [`v5.0.4`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.3...v5.0.4) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.3...v5.0.4) ### [`v5.0.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#503---2015-07-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.2...v5.0.3) - Added nbf support ([f26ba4e2fa197a20497632b63ffcd13ae93aacc4](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f26ba4e2fa197a20497632b63ffcd13ae93aacc4)) - Added support for subject and jwt id ([ab76ec5bc554e2d1e25376ddb7cea711d86af651](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ab76ec5bc554e2d1e25376ddb7cea711d86af651)) - Fix `this` referring to the global object instead of `module.exports` in `verify()` ([93f554312e37129027fcf4916f48cb8d1b53588c](https://redirect.github.com/auth0/node-jsonwebtoken/commit/93f554312e37129027fcf4916f48cb8d1b53588c)) - Fix typo, line 139 README, complete option for .decode. ([59c110aeb8c7c1847ef2ffd77702d13627c89e10](https://redirect.github.com/auth0/node-jsonwebtoken/commit/59c110aeb8c7c1847ef2ffd77702d13627c89e10)) - minor ([61ff1172272b582902313e958058ff22413494af](https://redirect.github.com/auth0/node-jsonwebtoken/commit/61ff1172272b582902313e958058ff22413494af)) ### [`v5.0.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#502---2015-06-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.1...v5.0.2) - fix typo in docs . closes [#​86](https://redirect.github.com/auth0/node-jsonwebtoken/issues/86) ([3d3413221f36acef4dfd1cbed87f1f3565cd6f84](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3d3413221f36acef4dfd1cbed87f1f3565cd6f84)), closes [#​86](https://redirect.github.com/auth0/node-jsonwebtoken/issues/86) ### [`v5.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#501---2015-05-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.0...v5.0.1) - Add option to return header and payload when decoding. ([7254e011b59f892d1947e6c11819281adac7069d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7254e011b59f892d1947e6c11819281adac7069d)) - Avoid uncaught "SyntaxError: Unexpected token ͧ" error. ([0dc59cd6ee15d83a606acffa7909ee76176ae186](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0dc59cd6ee15d83a606acffa7909ee76176ae186)) - Document complete option in README. ([ec32b20241a74d9681ea26e1a7024b4642468c00](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ec32b20241a74d9681ea26e1a7024b4642468c00)) - Fix example in README, silence verbose logging. ([ba3174d10033c41e9c211a38f1cc67f74fbd7f69](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ba3174d10033c41e9c211a38f1cc67f74fbd7f69)) - Fix link to auth0.com in README ([1b3c5ff72c9bc25e9271646e679f3080f2a042a0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b3c5ff72c9bc25e9271646e679f3080f2a042a0)) - Immediate return if not decoded. ([851bda2b10168f3269c3da6e74d310742f31a193](https://redirect.github.com/auth0/node-jsonwebtoken/commit/851bda2b10168f3269c3da6e74d310742f31a193)) - Prevent throw on undefined/null secret ([0fdf78d4dbf609455f3277d6169a987aef0384d4](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0fdf78d4dbf609455f3277d6169a987aef0384d4)) - Removed path from test ([d6240e24186732d368bffe21143becf44c38f0d6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d6240e24186732d368bffe21143becf44c38f0d6)) - Simplified checking for missing key ([f1cffd033bffc44f20558eda4a797c3fa2f4ee05](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f1cffd033bffc44f20558eda4a797c3fa2f4ee05)) - Typo ([ffe68dbe0219bab535c1018448eb4c0b22f1f902](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ffe68dbe0219bab535c1018448eb4c0b22f1f902)) - Update CHANGELOG.md ([927cce0dad1bc9aad75aeef53e276cf4cfc0d776](https://redirect.github.com/auth0/node-jsonwebtoken/commit/927cce0dad1bc9aad75aeef53e276cf4cfc0d776)) - Update CHANGELOG.md ([6879e0fdde222995c70a3a69a4af94993d9c667e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/6879e0fdde222995c70a3a69a4af94993d9c667e)) - Update CHANGELOG.md ([c5596c10e8705727fa13e0394184a606083078bc](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c5596c10e8705727fa13e0394184a606083078bc)) - Update CHANGELOG.md ([07541f0315f26d179e1cde92732b6124d6869b6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07541f0315f26d179e1cde92732b6124d6869b6f)) - Update CHANGELOG.md ([e6465d48ddd1dc2c3297229b28c78fd5490a2ba9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e6465d48ddd1dc2c3297229b28c78fd5490a2ba9)) ### [`v5.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#500---2015-04-11) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v4.2.2...v5.0.0) ##### Changed - \[sign] Only set defautl `iat` if the user does not specify that argument. https://github.com/auth0/node-jsonwebtoken/commit/e900282a8d2dff1d4dec815f7e6aa7782e867d91 https://github.com/auth0/node-jsonwebtoken/commit/35036b188b4ee6b42df553bbb93bc8a6b19eae9d https://github.com/auth0/node-jsonwebtoken/commit/954bd7a312934f03036b6bb6f00edd41f29e54d9 https://github.com/auth0/node-jsonwebtoken/commit/24a370080e0b75f11d4717cd2b11b2949d95fc2e https://github.com/auth0/node-jsonwebtoken/commit/a77df6d49d4ec688dfd0a1cc723586bffe753516 ##### Security - \[verify] Update to jws@^3.0.0 and renaming `header.alg` mismatch exception to `invalid algorithm` and adding more mismatch tests. As `jws@3.0.0` changed the verify method signature to be `jws.verify(signature, algorithm, secretOrKey)`, the token header must be decoded first in order to make sure that the `alg` field matches one of the allowed `options.algorithms`. After that, the now validated `header.alg` is passed to `jws.verify` As the order of steps has changed, the error that was thrown when the JWT was invalid is no longer the `jws` one: { [Error: Invalid token: no header in signature 'a.b.c'] code: 'MISSING_HEADER', signature: 'a.b.c' } That old error (removed from jws) has been replaced by a `JsonWebTokenError` with message `invalid token`. > Important: versions >= 4.2.2 this library are safe to use but we decided to deprecate everything `< 5.0.0` to prevent security warnings from library `node-jws` when doing `npm install`. https://github.com/auth0/node-jsonwebtoken/commit/634b8ed0ff5267dc25da5c808634208af109824e https://github.com/auth0/node-jsonwebtoken/commit/9f24ffd5791febb449d4d03ff58d7807da9b9b7e https://github.com/auth0/node-jsonwebtoken/commit/19e6cc6a1f2fd90356f89b074223b9665f2aa8a2 https://github.com/auth0/node-jsonwebtoken/commit/1e4623420159c6410616f02a44ed240f176287a9 https://github.com/auth0/node-jsonwebtoken/commit/954bd7a312934f03036b6bb6f00edd41f29e54d9 https://github.com/auth0/node-jsonwebtoken/commit/24a370080e0b75f11d4717cd2b11b2949d95fc2e https://github.com/auth0/node-jsonwebtoken/commit/a77df6d49d4ec688dfd0a1cc723586bffe753516 ### [`v4.2.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#422---2015-03-26) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v4.2.1...v4.2.2) ##### Fixed - \[asymmetric-keys] Fix verify for RSAPublicKey formated keys (`jfromaniello - awlayton`) https://github.com/auth0/node-jsonwebtoken/commit/402794663b9521bf602fcc6f2e811e7d3912f9dc https://github.com/auth0/node-jsonwebtoken/commit/8df6aabbc7e1114c8fb3917931078254eb52c222 ### [`v4.2.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#421---2015-03-17) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v4.2.0...v4.2.1) ##### Fixed - \[asymmetric-keys] Fixed issue when public key starts with BEING PUBLIC KEY [https://github.com/auth0/node-jsonwebtoken/issues/70](https://redirect.github.com/auth0/node-jsonwebtoken/issues/70)0) (`jfromaniello`) https://github.com/auth0/node-jsonwebtoken/commit/7017e74db9b194448ff488b3e16468ada60c4ee5 ### [`v4.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#420---2015-03-16) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v4.1.0...v4.2.0) ##### Security - \[asymmetric-keys] Making sure a token signed with an asymmetric key will be verified using a asymmetric key. When the verification part was expecting a token digitally signed with an asymmetric key (RS/ES family) of algorithms an attacker could send a token signed with a symmetric algorithm (HS\* family). The issue was caused because the same signature was used to verify both type of tokens (`verify` method parameter: `secretOrPublicKey`). This change adds a new parameter to the verify called `algorithms`. This can be used to specify a list of supported algorithms, but the default value depends on the secret used: if the secretOrPublicKey contains the string `BEGIN CERTIFICATE` the default is `[ 'RS256','RS384','RS512','ES256','ES384','ES512' ]` otherwise is `[ 'HS256','HS384','HS512' ]`. (`jfromaniello`) https://github.com/auth0/node-jsonwebtoken/commit/c2bf7b2cd7e8daf66298c2d168a008690bc4bdd3 https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 ### [`v4.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#410---2015-03-10) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v4.0.0...v4.1.0) ##### Changed - Assume the p