search

commercetools / merchant-center-application-kit

Tools and components for developing Merchant Center Customizations 🛠
https://docs.commercetools.com/merchant-center-customizations
MIT License
67 stars 27 forks source link

chore(deps): update dependency jose to v5 - abandoned #3540

Open renovate[bot] opened 4 months ago

renovate[bot] commented 4 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
jose 2.0.7 -> 5.4.0 age adoption passing confidence

Release Notes

panva/jose (jose) ### [`v5.4.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#540-2024-06-03) [Compare Source](https://togithub.com/panva/jose/compare/v5.3.0...v5.4.0) ##### Features - expose JWT's payload in JWTClaimValidationFailed instances ([58bcffb](https://togithub.com/panva/jose/commit/58bcffbac735cc727fd81c36813f12fd6f58b695)), closes [#​680](https://togithub.com/panva/jose/issues/680) ##### Refactor - add explicit return types everywhere ([cc2b2d7](https://togithub.com/panva/jose/commit/cc2b2d7b76118d59b9e08c589dc33a45a6377f4a)) ### [`v5.3.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#530-2024-05-10) [Compare Source](https://togithub.com/panva/jose/compare/v5.2.4...v5.3.0) ##### Features - allow observing remote JWKS resolver state and its manual reload ([fa8b639](https://togithub.com/panva/jose/commit/fa8b639c277e1694b08a08c7152341b22ec1725d)) ##### Refactor - if should not be the only statement in else blocks ([a6b716b](https://togithub.com/panva/jose/commit/a6b716b13859c76e4c1f7e33c60574514c6c2504)) ### [`v5.2.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#524-2024-04-07) [Compare Source](https://togithub.com/panva/jose/compare/v5.2.3...v5.2.4) ##### Refactor - use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet ([a7c566c](https://togithub.com/panva/jose/commit/a7c566c61ccf3b62d2bd3a9e58a70e1d4d3c8b0c)) ### [`v5.2.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#523-2024-03-07) [Compare Source](https://togithub.com/panva/jose/compare/v5.2.2...v5.2.3) ##### Refactor - move iv generation and optional outputs around ([05c4351](https://togithub.com/panva/jose/commit/05c4351be3a356da2a0e882fbbd8006f2725ec7b)) ### [`v5.2.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#522-2024-02-11) [Compare Source](https://togithub.com/panva/jose/compare/v5.2.1...v5.2.2) ##### Fixes - **types:** iv and tag is optional in JSON serializations ([53019cd](https://togithub.com/panva/jose/commit/53019cd1fa3a4dc265d4868b9c626d4d6c832e86)) ### [`v5.2.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#521-2024-02-03) [Compare Source](https://togithub.com/panva/jose/compare/v5.2.0...v5.2.1) ##### Fixes - **build:** refactor export targets for browser, node cjs, and node esm builds ([50cbc65](https://togithub.com/panva/jose/commit/50cbc65e165ea27b4ed08ee7fc5a747a17d235da)) ### [`v5.2.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#520-2023-12-24) [Compare Source](https://togithub.com/panva/jose/compare/v5.1.3...v5.2.0) ##### Features - extend JWT NumericDate setter syntax ([ae363c3](https://togithub.com/panva/jose/commit/ae363c3c434fb040985f08da68ed02067d205cbe)) ### [`v5.1.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#513-2023-11-30) [Compare Source](https://togithub.com/panva/jose/compare/v5.1.2...v5.1.3) ### [`v5.1.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#512-2023-11-27) [Compare Source](https://togithub.com/panva/jose/compare/v5.1.1...v5.1.2) ##### Fixes - do not mutate JWTVerifyOptions.requiredClaims ([1bf9cec](https://togithub.com/panva/jose/commit/1bf9cec024a4d01d989e15bb6e4b54e3940b4458)), closes [#​610](https://togithub.com/panva/jose/issues/610) ### [`v5.1.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#511-2023-11-14) [Compare Source](https://togithub.com/panva/jose/compare/v5.1.0...v5.1.1) ##### Refactor - deprecate the RSA1\_5 JWE Algorithm ([f746da1](https://togithub.com/panva/jose/commit/f746da172b693eb417c4f75c8db6230cf213cd76)) ### [`v5.1.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#510-2023-11-03) [Compare Source](https://togithub.com/panva/jose/compare/v5.0.2...v5.1.0) ##### Features - add payload generics to jose.decodeJwt ([9de49e2](https://togithub.com/panva/jose/commit/9de49e26956a20cdb94472f10f83b20480613329)), closes [#​604](https://togithub.com/panva/jose/issues/604) ### [`v5.0.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#502-2023-11-02) [Compare Source](https://togithub.com/panva/jose/compare/v5.0.1...v5.0.2) ##### Fixes - **createRemoteJWKSet:** ensure a default user-agent header is present ([887dd3c](https://togithub.com/panva/jose/commit/887dd3cd05f34e06ce20ad00201599a5a469fbac)), closes [#​600](https://togithub.com/panva/jose/issues/600) ### [`v5.0.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#501-2023-10-25) [Compare Source](https://togithub.com/panva/jose/compare/v5.0.0...v5.0.1) ##### Fixes - also use ES2020 in the CDN bundles ([8c4d390](https://togithub.com/panva/jose/commit/8c4d3909db56f2d62cf2bf413e8343c0fdd2b92f)) ### [`v5.0.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#500-2023-10-25) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.5...v5.0.0) ##### ⚠ BREAKING CHANGES - **Node.js:** return Uint8Array (not a Buffer) from base64url.decode - Browser distribution is now built using ES2020 as a target - Node.js distribution is now built using ES2022 as a target - **types:** jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload) - PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use. - importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present. - End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, and 21 and future releases are the ones that remain supported. - The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation. ##### Features - add Date as valid input to timestamp setting functions ([bd830a4](https://togithub.com/panva/jose/commit/bd830a47979912d4c0775d01a05584c2aa9f0dcd)) - default to an empty payload in JWT producing constructors ([98d6ca1](https://togithub.com/panva/jose/commit/98d6ca12c448697ed6342b1230b351eb5bfa0df8)) - **types:** add optional Generics for JWT verify and decrypt ([61bd2a0](https://togithub.com/panva/jose/commit/61bd2a0adb638c1c2469459d78556a99cec697c7)), closes [#​568](https://togithub.com/panva/jose/issues/568) ##### Reverts - Revert "test: fix test under lts/erbium" ([b64b6c7](https://togithub.com/panva/jose/commit/b64b6c731c3e2d0e6751e0221804af08d7015bfa)) ##### Refactor - Browser distribution is now built using ES2020 as a target ([1836684](https://togithub.com/panva/jose/commit/18366840e1ae557b951fe921c5004b17ad56e972)) - drop support for EOL Node.js versions ([b5aee54](https://togithub.com/panva/jose/commit/b5aee542fb5995dd29e012011f832ce8dfd24e29)) - importJWK always returns a Uint8Array for symmetric key inputs ([163e1b0](https://togithub.com/panva/jose/commit/163e1b02ed5b64368110d750c9f5f5c3d247042d)) - Node.js distribution is now built using ES2022 as a target ([239697a](https://togithub.com/panva/jose/commit/239697a17d048b8eb2120d29adff7f98edc0f26e)) - **Node.js:** return Uint8Array (not a Buffer) from base64url.decode ([02d5182](https://togithub.com/panva/jose/commit/02d51827e24195d650cf83de100ae16cd8b0599e)) - PBES2 Algorithms require explicit opt-in during verification ([e2da031](https://togithub.com/panva/jose/commit/e2da031381b7c5327ea9a0ccf58f059fa8af7e92)) - remove support for JWE "zip" (Compression Algorithm) Header Parameter ([16998b1](https://togithub.com/panva/jose/commit/16998b15c75d90b64eb5b0fa0713cfdfa7896757)) - **types:** rename type parameters for the KeyLike returns ([eddd400](https://togithub.com/panva/jose/commit/eddd400235e84e3d84c1a8471b01915a12d3d866)) - update allow list error messages ([fe8114c](https://togithub.com/panva/jose/commit/fe8114c82646f2468857effb934f39dd7bc75902)) ### [`v4.15.5`](https://togithub.com/panva/jose/releases/tag/v4.15.5) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.4...v4.15.5) ##### Fixes - add a maxOutputLength option to zlib inflate ([1b91d88](https://togithub.com/panva/jose/commit/1b91d88d2f8233f3477a5f4579aa5f8057b2ee8b)), fixes [CVE-2024-28176](https://togithub.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q) ### [`v4.15.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4154-2023-10-14) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.3...v4.15.4) ##### Fixes - **types:** export GetKeyFunction ([#​592](https://togithub.com/panva/jose/issues/592)) ([936c9df](https://togithub.com/panva/jose/commit/936c9dff2bc124dc5f64906a96f665a28e57392c)), closes [#​591](https://togithub.com/panva/jose/issues/591) ### [`v4.15.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4153-2023-10-11) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.2...v4.15.3) ### [`v4.15.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4152-2023-10-04) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.1...v4.15.2) ##### Fixes - **build:** add a node target for jose-browser-runtime releases ([abb63d0](https://togithub.com/panva/jose/commit/abb63d0e8e7a55326dc343eec5f5eee9addc1dcf)) ### [`v4.15.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4151-2023-10-02) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.0...v4.15.1) ##### Fixes - resolve missing types for the cryptoRuntime const ([1627965](https://togithub.com/panva/jose/commit/16279652a67133fba0db7c9879767f000a8f1662)) ### [`v4.15.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4150-2023-10-02) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.6...v4.15.0) ##### Features - export the used crypto runtime as a constant ([0681dda](https://togithub.com/panva/jose/commit/0681dda1592a82c22a18981002b3763c502d0fc4)) ### [`v4.14.6`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4146-2023-09-04) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.5...v4.14.6) ##### Fixes - **build:** publish bundle and umd files with jose-browser-runtime module ([62fcbcc](https://togithub.com/panva/jose/commit/62fcbcc2170db00f5bbfc817839523dbf970239f)), closes [#​571](https://togithub.com/panva/jose/issues/571) ### [`v4.14.5`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4145-2023-09-02) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.4...v4.14.5) ##### Refactor - catch type error when decoding base64url signature ([#​569](https://togithub.com/panva/jose/issues/569)) ([935e920](https://togithub.com/panva/jose/commit/935e920d29d242e0446d365b1e4f0449d144c23c)) - catch type errors when decoding various base64url strings ([9024e87](https://togithub.com/panva/jose/commit/9024e870ece4ef121205dadc733c36d7978b97ab)) ### [`v4.14.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4144-2023-04-30) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.3...v4.14.4) ##### Refactor - cleanup NODE-ED25519 workerd workarounds ([072e83d](https://togithub.com/panva/jose/commit/072e83de5bf3a15775b0bf25ef8afa8851b8862d)) ### [`v4.14.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4143-2023-04-27) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.2...v4.14.3) ##### Reverts - Revert "fix(types): headers and payloads may only be JSON values and primitives" ([06d8101](https://togithub.com/panva/jose/commit/06d8101a5827a69bb25c2847b1a10d03f015db03)), closes [#​534](https://togithub.com/panva/jose/issues/534) ### [`v4.14.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4142-2023-04-26) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.1...v4.14.2) ##### Fixes - **types:** headers and payloads may only be JSON values and primitives ([24f306e](https://togithub.com/panva/jose/commit/24f306e7f33485daaba1e250dfc97b5f621079ad)) ### [`v4.14.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4141-2023-04-20) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.0...v4.14.1) ### [`v4.14.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4140-2023-04-14) [Compare Source](https://togithub.com/panva/jose/compare/v4.13.2...v4.14.0) ##### Features - add requiredClaims JWT validation option ([eeea91d](https://togithub.com/panva/jose/commit/eeea91df48cadda84e4fdce6bbba7251ca7af83f)) ### [`v4.13.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4132-2023-04-12) [Compare Source](https://togithub.com/panva/jose/compare/v4.13.1...v4.13.2) ##### Refactor - src/util/decode_protected_header.ts ([5716725](https://togithub.com/panva/jose/commit/5716725d7eb6fa8a416638db9d448840f839f620)) ### [`v4.13.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4131-2023-03-02) [Compare Source](https://togithub.com/panva/jose/compare/v4.13.0...v4.13.1) ##### Fixes - **workerd:** avoid "The script will never generate a response" edge cases completely ([96a8c99](https://togithub.com/panva/jose/commit/96a8c99189f2399e9816ae1bca04b6d9cff93c26)), closes [#​355](https://togithub.com/panva/jose/issues/355) [#​509](https://togithub.com/panva/jose/issues/509) ### [`v4.13.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4130-2023-02-27) [Compare Source](https://togithub.com/panva/jose/compare/v4.12.2...v4.13.0) ##### Features - **types:** allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike ([6effa4d](https://togithub.com/panva/jose/commit/6effa4d35cfa984a5859d228f750e96af0c0a5e5)) ##### Fixes - make jose.EmbeddedJWK arguments optional ([20610a9](https://togithub.com/panva/jose/commit/20610a930d337c25756de107d93b84ccc52707a3)) ### [`v4.12.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4122-2023-02-27) [Compare Source](https://togithub.com/panva/jose/compare/v4.12.1...v4.12.2) ##### Fixes - **types:** declare explicit return from EmbeddedJWK ([46934ac](https://togithub.com/panva/jose/commit/46934ac474ba0119976c5ac15cce4ea7bf50de8c)) ### [`v4.12.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4121-2023-02-27) [Compare Source](https://togithub.com/panva/jose/compare/v4.12.0...v4.12.1) ##### Refactor - clarify when alg is used and required on key imports ([19e525f](https://togithub.com/panva/jose/commit/19e525fdee04ba6281f70bd20523b878408aa7ee)) - **node:** have node:crypto deal with x509 parsing ([45bb45d](https://togithub.com/panva/jose/commit/45bb45d42b6c96cbfcab7242d5cc366fb34481f1)) ### [`v4.12.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4120-2023-02-15) [Compare Source](https://togithub.com/panva/jose/compare/v4.11.4...v4.12.0) ##### Features - enable key iteration over JWKSMultipleMatchingKeys ([a278acd](https://togithub.com/panva/jose/commit/a278acdb0f458e555abdc1d048920e7da4fb7981)) ### [`v4.11.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4114-2023-02-07) [Compare Source](https://togithub.com/panva/jose/compare/v4.11.3...v4.11.4) ##### Fixes - **build:** ignore deno files in npm publishes ([b3d6a11](https://togithub.com/panva/jose/commit/b3d6a11bf0803c37e1e9d0368ccec1f1264eef74)) ### [`v4.11.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4113-2023-02-07) [Compare Source](https://togithub.com/panva/jose/compare/v4.11.2...v4.11.3) ##### Fixes - **CF Workers:** improve miniflare compat with different Node.js versions, get ready for future non-proprietary support ([3406b9f](https://togithub.com/panva/jose/commit/3406b9f73b1884b5db9c60675a68fe85794d48e0)), closes [#​446](https://togithub.com/panva/jose/issues/446) [#​495](https://togithub.com/panva/jose/issues/495) [#​497](https://togithub.com/panva/jose/issues/497) ### [`v4.11.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4112-2023-01-01) [Compare Source](https://togithub.com/panva/jose/compare/v4.11.1...v4.11.2) ##### Refactor - **node:** dry node version checks ([aff2f7c](https://togithub.com/panva/jose/commit/aff2f7c00f28b599ee72dd9f0a36c3783f1e195f)) ### [`v4.11.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4111-2022-11-22) [Compare Source](https://togithub.com/panva/jose/compare/v4.11.0...v4.11.1) ### [`v4.11.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4110-2022-11-08) [Compare Source](https://togithub.com/panva/jose/compare/v4.10.4...v4.11.0) ##### Features - add bun as a supported runtime ([3a63631](https://togithub.com/panva/jose/commit/3a636318914866decd934d455d7c3789d304992c)) ##### Fixes - respect JWK ext for symmetric keys ([20557fc](https://togithub.com/panva/jose/commit/20557fccf1ce0ebd7dd5d18cc33aa64d6f7b35ba)) ### [`v4.10.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4104-2022-10-28) [Compare Source](https://togithub.com/panva/jose/compare/v4.10.3...v4.10.4) ##### Fixes - typo in importPKSC8 error message ([#​468](https://togithub.com/panva/jose/issues/468)) ([746bc64](https://togithub.com/panva/jose/commit/746bc64675636f2a09a6745e71cba8a2bdf3718f)) - workaround for invalid use checks on CF Workers and Deno ([e4d04eb](https://togithub.com/panva/jose/commit/e4d04eb65f72041784d948eaa8432e4b64193729)) ### [`v4.10.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4103-2022-10-20) [Compare Source](https://togithub.com/panva/jose/compare/v4.10.2...v4.10.3) ### [`v4.10.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4102-2022-10-20) [Compare Source](https://togithub.com/panva/jose/compare/v4.10.1...v4.10.2) ### [`v4.10.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4101-2022-10-20) [Compare Source](https://togithub.com/panva/jose/compare/v4.10.0...v4.10.1) ### [`v4.10.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4100-2022-09-27) [Compare Source](https://togithub.com/panva/jose/compare/v4.9.3...v4.10.0) ##### Features - Curve25519, and Curve448 support for WebCryptoAPI runtimes ([fea359a](https://togithub.com/panva/jose/commit/fea359a2055aa1b65170999a7f8e1bb23a3a1cb5)) ##### Fixes - **importX509:** handle length encodings better ([47d0d77](https://togithub.com/panva/jose/commit/47d0d777a1ac90ff2ed0368fdab536db3d17aa8c)), closes [#​459](https://togithub.com/panva/jose/issues/459) ### [`v4.9.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#493-2022-09-15) [Compare Source](https://togithub.com/panva/jose/compare/v4.9.2...v4.9.3) ##### Refactor - update CEK length validation error message ([81a92a9](https://togithub.com/panva/jose/commit/81a92a9a9803022b82ea67577bde3fc0da3ecc6f)) - update key input validation error messages ([2eac34a](https://togithub.com/panva/jose/commit/2eac34aa8f02c800a5f0b944e03fbe681c962b9c)) - update keylike description for WinterCG ([6741679](https://togithub.com/panva/jose/commit/6741679936acf78f00c6effd559b4698cc92f123)) ### [`v4.9.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#492-2022-09-01) [Compare Source](https://togithub.com/panva/jose/compare/v4.9.1...v4.9.2) ##### Fixes - limit default PBES2 alg's computational expense ([03d6d01](https://togithub.com/panva/jose/commit/03d6d013bf6e070e85adfe5731f526978e3e8e4d)) ### [`v4.9.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#491-2022-08-29) [Compare Source](https://togithub.com/panva/jose/compare/v4.9.0...v4.9.1) ##### Fixes - **deno:** add a Deno package entrypoint ([9f3c459](https://togithub.com/panva/jose/commit/9f3c459e30b71eec54163d500edb59f5c72bf7c9)) ### [`v4.9.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#490-2022-08-17) [Compare Source](https://togithub.com/panva/jose/compare/v4.8.3...v4.9.0) ##### Features - add support for RFC 9278 - JWK Thumbprint URI ([d06ce65](https://togithub.com/panva/jose/commit/d06ce654666c5f584716f39843534118407c14e0)) ##### Refactor - consume some base64url decode errors ([#​436](https://togithub.com/panva/jose/issues/436)) ([caaf2c3](https://togithub.com/panva/jose/commit/caaf2c38dc51209d7adc493029f416c61759b1b1)) - unify JOSENotSupported throw on key export ([fe5d093](https://togithub.com/panva/jose/commit/fe5d093bf74b812ecd3ee92d40dd02619e88e06c)) ### [`v4.8.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#483-2022-06-29) [Compare Source](https://togithub.com/panva/jose/compare/v4.8.1...v4.8.3) ### [`v4.8.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#481-2022-05-02) [Compare Source](https://togithub.com/panva/jose/compare/v4.8.0...v4.8.1) ##### Fixes - **typescript:** add types export for nodenext module resolution ([#​406](https://togithub.com/panva/jose/issues/406)) ([5a6d8f0](https://togithub.com/panva/jose/commit/5a6d8f0a2a3283bd1e832f1e71906d70f74c1262)) ### [`v4.8.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#480-2022-04-26) [Compare Source](https://togithub.com/panva/jose/compare/v4.7.0...v4.8.0) ##### Features - add "worker" export in package.json ([#​400](https://togithub.com/panva/jose/issues/400)) ([c58c80a](https://togithub.com/panva/jose/commit/c58c80ae98b7a55b3b95e72438040983ae9a23de)) - optional headers options for createRemoteJWKSet ([#​397](https://togithub.com/panva/jose/issues/397)) ([b4612f5](https://togithub.com/panva/jose/commit/b4612f5d256b773ab7a1144ac839bdf0f8ccff53)) ### [`v4.7.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#470-2022-04-21) [Compare Source](https://togithub.com/panva/jose/compare/v4.6.2...v4.7.0) ##### Features - add createRemoteJWKSet cacheMaxAge option ([5017d95](https://togithub.com/panva/jose/commit/5017d95764b3aca551631c1a2fbe7cc40cbb6055)), closes [#​394](https://togithub.com/panva/jose/issues/394) ### [`v4.6.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#462-2022-04-19) [Compare Source](https://togithub.com/panva/jose/compare/v4.6.1...v4.6.2) ##### Fixes - dont check JWT iat is in the past unless maxTokenAge is used ([96d85c7](https://togithub.com/panva/jose/commit/96d85c70033d2249de41ed07d97ed6843c15eb2a)) ### [`v4.6.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#461-2022-04-11) [Compare Source](https://togithub.com/panva/jose/compare/v4.6.0...v4.6.1) ### [`v4.6.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#460-2022-03-06) [Compare Source](https://togithub.com/panva/jose/compare/v4.5.3...v4.6.0) ##### Features - mark APIs and parameters that can lead to footguns as deprecated ([0ddbcc6](https://togithub.com/panva/jose/commit/0ddbcc6725ecb2d68efdaf0951cec4db31cc9b16)) - **types:** include JSDoc in the types ([74187a9](https://togithub.com/panva/jose/commit/74187a9aa97cac70c42035949dd847177025af7c)) ### [`v4.5.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#453-2022-03-05) [Compare Source](https://togithub.com/panva/jose/compare/v4.5.2...v4.5.3) ##### Fixes - **web api runtime:** rely on default fetch init values ([df6d966](https://togithub.com/panva/jose/commit/df6d96651d4ddeeb4a9b05bd2d778bd58528dad2)) ### [`v4.5.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#452-2022-03-04) [Compare Source](https://togithub.com/panva/jose/compare/v4.5.1...v4.5.2) ##### Fixes - decrypting empty ciphertext compact JWEs ([#​374](https://togithub.com/panva/jose/issues/374)) ([95fe597](https://togithub.com/panva/jose/commit/95fe59791dab9b31203f7a4ec5f4b44633d9b74f)) ### [`v4.5.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#451-2022-02-22) [Compare Source](https://togithub.com/panva/jose/compare/v4.5.0...v4.5.1) ##### Fixes - **typescript:** allow synchronous get key functions ([7c99153](https://togithub.com/panva/jose/commit/7c99153a9e8ae45a35de7eff45fcf6e60e1b088b)) ### [`v4.5.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#450-2022-02-07) [Compare Source](https://togithub.com/panva/jose/compare/v4.4.0...v4.5.0) ##### Features - add jose.decodeJwt utility ([3d2a2b8](https://togithub.com/panva/jose/commit/3d2a2b8eee18c9b60debbfae284b2bc3d2947dd2)) ##### Fixes - concurrent fetch await in cloudflare ([e44cd18](https://togithub.com/panva/jose/commit/e44cd18ea4cf8af173f874ca3a847fc315eee592)), closes [#​355](https://togithub.com/panva/jose/issues/355) ### [`v4.4.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#440-2022-01-24) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.9...v4.4.0) ##### Features - add createLocalJWKSet, resolver to verify using a local JWKSet ([bd7bf37](https://togithub.com/panva/jose/commit/bd7bf3789c146d765bbee2db0c93ba035020b24c)) ### [`v4.3.9`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#439-2022-01-22) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.8...v4.3.9) ##### Fixes - only add y to the epk header parameter when EC keys are used ([dd6775e](https://togithub.com/panva/jose/commit/dd6775eed00b60c14b7038ddec85c8bb3cf05781)), closes [#​348](https://togithub.com/panva/jose/issues/348) ### [`v4.3.8`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#438-2022-01-09) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.7...v4.3.8) ### [`v4.3.7`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#437-2021-11-18) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.6...v4.3.7) ##### Fixes - **typescript:** b64: true is fine to use in JWT, its useless, but allowed ([#​324](https://togithub.com/panva/jose/issues/324)) ([ee401c9](https://togithub.com/panva/jose/commit/ee401c9e0f23f10ff5c0484798cb0cb3e9074b84)) ### [`v4.3.6`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#436-2021-11-16) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.5...v4.3.6) ##### Fixes - **electron:** rsa-pss keys are never supported ([188c1f7](https://togithub.com/panva/jose/commit/188c1f709002302da99105cfc8fc6863a95761d9)) ### [`v4.3.5`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#435-2021-11-12) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.4...v4.3.5) ##### Fixes - **typescript:** b64 header regression ([#​324](https://togithub.com/panva/jose/issues/324)) ([9da0a7f](https://togithub.com/panva/jose/commit/9da0a7f49cf763314748eb01303320ce5af69762)) ### [`v4.3.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#434-2021-11-12) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.3...v4.3.4) ##### Fixes - Compact JWS verification handles a zero-length payload string ([7c70e7b](https://togithub.com/panva/jose/commit/7c70e7b9700886dfad8e7555b909da8e079c88da)) ### [`v4.3.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#433-2021-11-11) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.2...v4.3.3) ##### Fixes - **typescript:** apply updated compact and jwt headers to compact/jwt verify and decrypt results ([0c1946c](https://togithub.com/panva/jose/commit/0c1946c3e2a95e082b9a9095bf035756d8f17730)) ### [`v4.3.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#432-2021-11-11) [Compare Source](https://togithub.com/panva/jose/compare/v4.3.0...v4.3.2) ##### Fixes - createRemoteJWKSet handles all JWS syntaxes ([aaba8f3](https://togithub.com/panva/jose/commit/aaba8f3000b76b41733567367b9000348a839c17)) - **typescript:** Compact JWS Header Parameters has alg and enc as required ([0fa87af](https://togithub.com/panva/jose/commit/0fa87af64b8e9f0f0cb68264f4dc22cc985acf91)) - **typescript:** Compact JWS Header Parameters has alg as required ([c7fabd0](https://togithub.com/panva/jose/commit/c7fabd0f012513f3c9161b0f59befae1d7430e16)) - **typescript:** Signed JWT Header Parameters has alg as required and b64 as never ([79cbd82](https://togithub.com/panva/jose/commit/79cbd82d3dd36f9ef87e4d306d77d9694a1c5836)) ### [`v4.3.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#430-2021-11-11) [Compare Source](https://togithub.com/panva/jose/compare/v4.2.1...v4.3.0) ##### Features - add GeneralSign signature and GeneralEncrypt recipient builder chaining ([cfc93f5](https://togithub.com/panva/jose/commit/cfc93f5daf4729a189ef5caabae4a9ec9ad45378)) ### [`v4.2.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#421-2021-11-09) [Compare Source](https://togithub.com/panva/jose/compare/v4.2.0...v4.2.1) ##### Fixes - **node:** dont mention CryptoKey in versions without webcrypto ([401cabf](https://togithub.com/panva/jose/commit/401cabf97419768cea1d685dc73d933fa38d6c26)) ### [`v4.2.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#420-2021-11-08) [Compare Source](https://togithub.com/panva/jose/compare/v4.1.5...v4.2.0) ##### Features - General JWE Encryption ([94eca81](https://togithub.com/panva/jose/commit/94eca816872527074d2a591a983ee6c5d64da30c)) ### [`v4.1.5`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#415-2021-11-05) [Compare Source](https://togithub.com/panva/jose/compare/v4.1.4...v4.1.5) ##### Fixes - importX509 certificate values that do not include a version number ([51a18b6](https://togithub.com/panva/jose/commit/51a18b675a771ed573047398f79cd6f70d8f9fec)), closes [#​308](https://togithub.com/panva/jose/issues/308) ### [`v4.1.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#414-2021-11-01) [Compare Source](https://togithub.com/panva/jose/compare/v4.1.3...v4.1.4) ##### Fixes - allow shorter HMAC secrets ([57126f1](https://togithub.com/panva/jose/commit/57126f1806493a2782647610c2a6b5d20ea3e516)) ### [`v4.1.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#413-2021-11-01) [Compare Source](https://togithub.com/panva/jose/compare/v4.1.2...v4.1.3) ##### Fixes - **edge-functions:** don't use globalThis ([3952030](https://togithub.com/panva/jose/commit/39520302d078da2273b5a24f8254f6c221195c63)) ### [`v4.1.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#412-2021-10-25) [Compare Source](https://togithub.com/panva/jose/compare/v4.1.1...v4.1.2) ##### Fixes - **build:** ensure cjs/esm specific packages have the right main entry ([2f4526a](https://togithub.com/panva/jose/commit/2f4526a22b9bd62727bdd825e326ef79695c8ea3)) ### [`v4.1.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#411-2021-10-21) [Compare Source](https://togithub.com/panva/jose/compare/v4.1.0...v4.1.1) ##### Fixes - **typescript:** work around potentially missing global URL from DOM lib ([7ed731c](https://togithub.com/panva/jose/commit/7ed731c567db6e64f0fbd618efe7e48d812af0c6)), closes [#​295](https://togithub.com/panva/jose/issues/295) ### [`v4.1.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#410-2021-10-18) [Compare Source](https://togithub.com/panva/jose/compare/v4.0.4...v4.1.0) ##### Features - **web:** publish umd and bundle files to cdnjs.com ([3b3100a](https://togithub.com/panva/jose/commit/3b3100a8f115db5fb7c56482a0c5cf4814e0f838)) ### [`v4.0.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#404-2021-10-17) [Compare Source](https://togithub.com/panva/jose/compare/v4.0.3...v4.0.4) ##### Fixes - **web:** check Uint8Array CEK lengths, refactor for better tree-shaking ([e8299f2](https://togithub.com/panva/jose/commit/e8299f246b1dbf1665d8f1ed141b9bde34684293)) ### [`v4.0.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#403-2021-10-16) [Compare Source](https://togithub.com/panva/jose/compare/v4.0.2...v4.0.3) ##### Fixes - **web:** checking cryptokey applicability early ([89dc2aa](https://togithub.com/panva/jose/commit/89dc2aab99d831e922ba865eccfb29b8229ed767)) ### [`v4.0.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#402-2021-10-15) [Compare Source](https://togithub.com/panva/jose/compare/v4.0.1...v4.0.2) ##### Fixes - **typescript:** export ProduceJWT ([#​285](https://togithub.com/panva/jose/issues/285)) ([2b8738e](https://togithub.com/panva/jose/commit/2b8738e38a4286c9a1411e3aef3159f61427317c)) ### [`v4.0.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#401-2021-10-14) [Compare Source](https://togithub.com/panva/jose/compare/v4.0.0...v4.0.1) ##### Fixes - **typescript:** re-export all types from index.d.ts ([d68f104](https://togithub.com/panva/jose/commit/d68f104d5895f639812b3317696a4616c3e5fb59)) ### [`v4.0.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#400-2021-10-14) [Compare Source](https://togithub.com/panva/jose/compare/v3.20.4...v4.0.0) ##### ⚠ BREAKING CHANGES - All module named exports have moved from subpaths to just "jose". For example, `import { jwtVerify } from 'jose/jwt/verify'` is now just `import { jwtVerify } from 'jose'`. - All submodule default exports and named have been removed in favour of just "jose" named exports. - **typescript:** remove repeated type re-exports - The undocumented `jose/util/random` was removed. - The `jose/jwk/thumbprint` named export is renamed to `calculateJwkThumbprint`, now `import { calculateJwkThumbprint } from 'jose'` - The deprecated `jose/jwk/parse` module was removed, use `import { importJWK } from 'jose'` instead. - The deprecated `jose/jwk/from_key_like` module was removed, use `import { exportJWK } from 'jose'` instead. ##### Refactor - redo exports to support broader tooling ([dd2cf9e](https://togithub.com/panva/jose/commit/dd2cf9ed2d89488de6dc4536f721887ffc9bb34f)) - remove util/random ([914e47f](https://togithub.com/panva/jose/commit/914e47fc9b6c207fd7e3469b1c3fac40f7a81031)) - removed the deprecated jwk/from_key_like module ([ec1d0e7](https://togithub.com/panva/jose/commit/ec1d0e72fe39ec2bccc28e46b5bce2dc17711134)) - removed the deprecated jwk/parse module ([8d3cc3b](https://togithub.com/panva/jose/commit/8d3cc3bb46e7e87e6511859dce58a651811ca551)) - rename calculateThumprint to calculateJwkThumbprint ([5afb713](https://togithub.com/panva/jose/commit/5afb713fbb99e6c884bb3b1c68ae2cf490e54595)) - **typescript:** remove repeated type re-exports ([3e137d2](https://togithub.com/panva/jose/commit/3e137d2427035d18397825074c2ee1e5db97515b)) ### [`v3.20.4`](https://togithub.com/panva/jose/releases/tag/v3.20.4) [Compare Source](https://togithub.com/panva/jose/compare/v3.20.3...v3.20.4) ##### Fixes - limit default PBES2 alg's computational expense ([d530c30](https://togithub.com/panva/jose/commit/d530c30af5d5156552accfcdf0b059696e17c44c)) ### [`v3.20.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3203-2021-10-14) [Compare Source](https://togithub.com/panva/jose/compare/v3.20.2...v3.20.3) ##### Fixes - remove clutter when tree shaking browser dist ([73ba370](https://togithub.com/panva/jose/commit/73ba3708d45e32215c76f17d9982b0f4e20b7f08)) - **typescript:** JWTExpired error TS2417 ([373e0e4](https://togithub.com/panva/jose/commit/373e0e4b22fb48cefcf14385a19c5ea6a57a849e)) ### [`v3.20.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3202-2021-10-13) [Compare Source](https://togithub.com/panva/jose/compare/v3.20.1...v3.20.2) ##### Fixes - allow tree-shaking of errors ([0824301](https://togithub.com/panva/jose/commit/08243010d922c36d22002e35299ec5710654c695)) ### [`v3.20.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3201-2021-10-06) [Compare Source](https://togithub.com/panva/jose/compare/v3.20.0...v3.20.1) ##### Fixes - **typescript:** PEM import functions always resolve a KeyLike, never a Uint8Array ([8ef3a8e](https://togithub.com/panva/jose/commit/8ef3a8ebb78b592e664102cb593542ae6259d72a)) ### [`v3.20.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3200-2021-10-06) [Compare Source](https://togithub.com/panva/jose/compare/v3.19.0...v3.20.0) ##### Features - improve key input type errors, remove dependency on [@​types/node](https://togithub.com/types/node) ([a13eb04](https://togithub.com/panva/jose/commit/a13eb045d86d96e56f7a250cdc808f8c5aa0e62a)) ##### Fixes - proper createRemoteJWKSet timeoutDuration handling ([efa1619](https://togithub.com/panva/jose/commit/efa16195173f9f66b21d4f41039caaad0ccfa92a)), closes [#​277](https://togithub.com/panva/jose/issues/277) ### [`v3.19.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3190-2021-09-26) [Compare Source](https://togithub.com/panva/jose/compare/v3.18.0...v3.19.0) ##### Features - return resolved key when verify and decrypt resolve functions are used ([49fb62c](https://togithub.com/panva/jose/commit/49fb62cb96cd9afc854f5102313f16e27c0eb2b4)) ### [`v3.18.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3180-2021-09-22) [Compare Source](https://togithub.com/panva/jose/compare/v3.17.0...v3.18.0) ##### Features - add X.509/SPKI/PKCS8 key import and SPKI/PKCS8 export functions ([a2af0f4](https://togithub.com/panva/jose/commit/a2af0f45fe47b3d73178ab00c18e49fccd2b1432)) ### [`v3.17.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3170-2021-09-10) [Compare Source](https://togithub.com/panva/jose/compare/v3.16.1...v3.17.0) ##### Features - **cloudflare workers:** add support for EdDSA using [`Ed25519`](https://togithub.com/panva/jose/commit/Ed25519) ([0967369](https://togithub.com/panva/jose/commit/09673694027ffc4961c211c12e0b7eb2ac9966f3)) ### [`v3.16.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3161-2021-09-08) [Compare Source](https://togithub.com/panva/jose/compare/v3.16.0...v3.16.1) ##### Fixes - guard Sign payloads and Encrypt plaintext argument types ([10a18f2](https://togithub.com/panva/jose/commit/10a18f28a0f845e91579afab3573730c9b1ae478)) ### [`v3.16.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3160-2021-09-07) [Compare Source](https://togithub.com/panva/jose/compare/v3.15.5...v3.16.0) ##### Features - **node:** support rsa-pss keys in Node.js >= 16.9.0 for sign/verify ([0b112cf](https://togithub.com/panva/jose/commit/0b112cf63ed2a859806531853c37486485740f9c)) ### [`v3.15.5`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3155-2021-09-02) [Compare Source](https://togithub.com/panva/jose/compare/v3.15.4...v3.15.5) ##### Fixes - omit some fetch options when running in Cloudflare Workers env ([ced065a](https://togithub.com/panva/jose/commit/ced065aa9754c625ea88a598025962503e078ae9)), closes [#​255](https://togithub.com/panva/jose/issues/255) ### [`v3.15.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3154-2021-08-20) [Compare Source](https://togithub.com/panva/jose/compare/v3.15.3...v3.15.4) ##### Fixes - **deno:** ignore incomplete webcrypto api type errors ([c5f2262](https://togithub.com/panva/jose/commit/c5f226290ead93b7f43f664fc05c5fec90f38be8)) - **typescript:** generateKeyPair never returns Uint8Array ([73adc01](https://togithub.com/panva/jose/commit/73adc014ad9827067637153a97f230bfdd72cb9b)) ### [`v3.15.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3153-2021-08-20) [Compare Source](https://togithub.com/panva/jose/compare/1d4c49c47cb75263e0fe42e1256f476e76750b59...v3.15.3) ##### Fixes - **typescript:** GeneralJWSInput and GeneralJWS omit ([bc0b42f](https://togithub.com/panva/jose/commit/bc0b42f0f58e802721910ac1bc4d62eb704910ff)) ### [`v3.15.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3152-2021-08-20) [Compare Source](https://togithub.com/panva/jose/compare/db3b93f50247482cdbbac81d21e40f3dd7622679...1d4c49c47cb75263e0fe42e1256f476e76750b59) ### [`v3.15.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3151-2021-08-20) [Compare Source](https://togithub.com/panva/jose/compare/ad1fa46d5b817df3c80cb1b7c9509255f87e150f...db3b93f50247482cdbbac81d21e40f3dd7622679) ##### Fixes - **typescript:** remove file extensions from types/\*\*/\*.d.ts files ([0c432e5](https://togithub.com/panva/jose/commit/0c432e554e7b1f0382efefe44c0053a446c9dcc4)), closes [#​222](https://togithub.com/panva/jose/issues/222) ### [`v3.15.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3150-2021-08-20) [Compare Source](https://togithub.com/panva/jose/compare/v3.14.4...ad1fa46d5b817df3c80cb1b7c9509255f87e150f) ##### Features - experimental Deno build & publish ([5c7d265](https://togithub.com/panva/jose/commit/5c7d2656b6e5659a19c6cb3c4fed73e724fe2f6e)) ##### Fixes - **typescript:** allow sign results to be passed to verify ([59aa96d](https://togithub.com/panva/jose/commit/59aa96d28dd259d9d8b03fcf37b5a703c5e36874)) ### [`v3.14.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3144-2021-08-16) [Compare Source](https://togithub.com/panva/jose/compare/v3.14.3...v3.14.4) ##### Fixes - throw JWEInvalid when jwe protected header is invalid ([991d435](https://togithub.com/panva/jose/commit/991d4350d0357ebad17080644c24bccec844c3b9)) - throw JWSInvalid when jws protected header is invalid ([#​244](https://togithub.com/panva/jose/issues/244)) ([1fc79aa](https://togithub.com/panva/jose/commit/1fc79aa8315fa25e28f63f1c5534d0630fc781dc)) ### [`v3.14.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3143-2021-07-21) [Compare Source](https://togithub.com/panva/jose/compare/v3.14.2...v3.14.3) ##### Fixes - **docs:** update doc links again ([26c4361](https://togithub.com/panva/jose/commit/26c4361c007e3bc7e6ee60b65f9535cecf447fe6)) ### [`v3.14.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3142-2021-07-21) [Compare Source](https://togithub.com/panva/jose/compare/v3.14.1...v3.14.2) ##### Fixes - **docs:** update doc links ([86f9134](https://togithub.com/panva/jose/commit/86f9134248a1746904f4c9f79ee404007ab68858)) ### [`v3.14.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3141-2021-07-21) [Compare Source](https://togithub.com/panva/jose/compare/v3.14.0...v3.14.1) ##### Fixes - **typescript:** export generate key pair result interface ([2b5cc28](https://togithub.com/panva/jose/commit/2b5cc28684bd9cd09de2f774d7326bffe61fe6ea)) ### [`v3.14.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3140-2021-07-02) [Compare Source](https://togithub.com/panva/jose/compare/v3.13.0...v3.14.0) ##### Features - add verbose key type error messages ([df56b94](https://togithub.com/panva/jose/commit/df56b942c64dfdbb14cb860a403742f25ec60b49)) ##### Fixes - **typescript:** remove file extensions from .d.ts files ([e091f0f](https://togithub.com/panva/jose/commit/e091f0f24537541e350e803bd1e657348f428da2)), closes [#​222](https://togithub.com/panva/jose/issues/222) - AES Key Wrap input type check ([b83821b](https://togithub.com/panva/jose/commit/b83821b2bf99fe2051d4d4d89fe4ff18a8559722)) - guard SignJWT.prototype.sign() from missing protected header ([4103719](https://togithub.com/panva/jose/commit/4103719c24d1811306acf7d5290ef15c5afddcfb)), closes [#​221](https://togithub.com/panva/jose/issues/221) - **typescript:** add "jku" header to JoseHeaderParameters ([#​220](https://togithub.com/panva/jose/issues/220)) ([72a72db](https://togithub.com/panva/jose/commit/72a72db7723e06994066d6ad154073387c5bc17c)) ### [`v3.13.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3130-2021-06-22) [Compare Source](https://togithub.com/panva/jose/compare/v3.12.3...v3.13.0) ##### Features - **typescript:** export consume module interface types ([#​213](https://togithub.com/panva/jose/issues/213)) ([13fa3d8](https://togithub.com/panva/jose/commit/13fa3d8ae089b21dace0ea22782451ca77941600)) ### [`v3.12.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3123-2021-06-02) [Compare Source](https://togithub.com/panva/jose/compare/v3.12.2...v3.12.3) ##### Fixes - **browser:** remove the use of a node std-lib in decodeProtectedHeader ([d9d4a5f](https://togithub.com/panva/jose/commit/d9d4a5f2e88ca5172ff753a503bfbdb50522d094)), closes [#​206](https://togithub.com/panva/jose/issues/206) ### [`v3.12.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3122-2021-05-19) [Compare Source](https://togithub.com/panva/jose/compare/v3.12.1...v3.12.2) ##### Performance - **node:** use util.types.is\* helpers when available ([d36311d](https://togithub.com/panva/jose/commit/d36311d5162b3500728937bf25bd2c756f8a33d6)) ### [`v3.12.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3121-2021-05-14) [Compare Source](https://togithub.com/panva/jose/compare/v3.12.0...v3.12.1) ##### Fixes - **browser:** avoid global-conflicting variable name fetch ([#​199](https://togithub.com/panva/jose/issues/199)) ([b2c6273](https://togithub.com/panva/jose/commit/b2c6273eccad5e34cbe0219c521c6453ba71e6c4)) ### [`v3.12.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3120-2021-05-12) [Compare Source](https://togithub.com/panva/jose/compare/v3.11.6...v3.12.0) ##### Features - **webcrypto:** allow generate\* modules extractable: false override ([afae428](https://togithub.com/panva/jose/commit/afae428f39eb920297ef474878d4266172d9a015)) ### [`v3.11.6`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3116-2021-04-30) [Compare Source](https://togithub.com/panva/jose/compare/v3.11.5...v3.11.6) ##### Fixes - swallow promisified crypto.verify errors ([d512ede](https://togithub.com/panva/jose/commit/d512ede0730155051707d60ae8c69ba0492d858f)) ### [`v3.11.5`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3115-2021-04-13) [Compare Source](https://togithub.com/panva/jose/compare/v3.11.4...v3.11.5) ##### Fixes - isObject helper in different vm contexts or jest re-assigned globals ([7819df7](https://togithub.com/panva/jose/commit/7819df73ebf6391377ef3e7623948d8329ac47f5)), closes [#​178](https://togithub.com/panva/jose/issues/178) ### [`v3.11.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3114-2021-04-09) [Compare Source](https://togithub.com/panva/jose/compare/v3.11.3...v3.11.4) ##### Fixes - defer AES CBC w/ HMAC decryption after tag verification passes ([579485c](https://togithub.com/panva/jose/commit/579485cb806e9989643e32a66752d3235cd43f09)) ### [`v3.11.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3113-2021-04-01) [Compare Source](https://togithub.com/panva/jose/compare/v3.11.2...v3.11.3) ##### Fixes - **node:** check CryptoKey algorithm & usage before exporting KeyObject ([dab4b2f](https://togithub.com/panva/jose/commit/dab4b2f03efc5772773e66fdb757db5571deee4d)) ### [`v3.11.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3112-2021-03-30) [Compare Source](https://togithub.com/panva/jose/compare/v3.11.1...v3.11.2) ##### Fixes - assert KeyLike input types, change "any" types to "unknown" ([edb83a8](https://togithub.com/panva/jose/commit/edb83a846a880d316d77ace485641330dd0debb6)) ### [`v3.11.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3111-2021-03-26) [Compare Source](https://togithub.com/panva/jose/compare/v3.11.0...v3.11.1) ##### Fixes - **node:** crypto.verify callback invocation with a private keyobject ([d3d4acd](https://togithub.com/panva/jose/commit/d3d4acd8be612850999309ef7de86c549d5de9c0)) ### [`v3.11.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3110-2021-03-24) [Compare Source](https://togithub.com/panva/jose/compare/v3.10.0...v3.11.0) ##### Features - export error codes as static properties ([89d8003](https://togithub.com/panva/jose/commit/89d80038755be21228a3455a8feca396e76fbcf5)), closes [#​170](https://togithub.com/panva/jose/issues/170) ### [`v3.10.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#3100-2021-03-18) [Compare Source](https://togithub.com/panva/jose/compare/v3.9.0...v3.10.0) ##### Features - **node:** use libuv threadpool to sign in node >= 15.12.0 ([cf5074e](https://togithub.com/panva/jose/commit/cf5074e7e1333728f7632ee6785cc52ef32711bf)) - **node:** use libuv threadpool to verify in node >= 15.12.0 ([ae9a7f4](https://togithub.com/panva/jose/commit/ae9a7f4186da9675820dc2e77786b9ee3f7dd0d0)) - **node:** use native JWK export in node >= 15.9.0 ([7f3cc44](https://togithub.com/panva/jose/commit/7f3cc44bd0508bf15c061500738473eeafdc32d1)) - **node:** use native JWK import in node >= 15.12.0 ([f0c2a64](https://togithub.com/panva/jose/commit/f0c2a6472844c43a92a79ed90b51cc5133a2e22e)) ### [`v3.9.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#390-2021-03-15) [Compare Source](https://togithub.com/panva/jose/compare/v3.8.0...v3.9.0) ##### Features - add named exports for all modules ([5cba6b0](https://togithub.com/panva/jose/commit/5cba6b0fdddd24c2e48623d8aaf48640b3279a43)) ### [`v3.8.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#380-2021-03-12) [Compare Source](https://togithub.com/panva/jose/compare/v3.7.1...v3.8.0) ##### Features - publish alternative Node.js and Browser specific distributions ([7856dad](https://togithub.com/panva/jose/commit/7856dad1031845bfc3cadfdbe609d0f0154f19ce)) ### [`v3.7.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#371-2021-03-11) [Compare Source](https://togithub.com/panva/jose/compare/v3.7.0...v3.7.1) ##### Fixes - swallow invalid signature encoding errors ([e0adf49](https://togithub.com/panva/jose/commit/e0adf49e5789f9fc23afb1e2bd3e330e34b46b78)) ### [`v3.7.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#370-2021-03-02) [Compare Source](https://togithub.com/panva/jose/compare/v3.6.2...v3.7.0) ##### Features - electron >=12.0.0 is now supported (and tested on ci) ([8fffd3e](https://togithub.com/panva/jose/commit/8fffd3e2e1ec0c5f3517a779b42974a4c1beae27)) ##### Fixes - **electron:** only call (de)cipher.setAAD() when aad is not empty ([a5a6c4d](https://togithub.com/panva/jose/commit/a5a6c4dc9f459b88de5f243cf1d4ea620def8d98)) - **electron:** properly ASN.1 encode \[0x00] when converting RSA JWKs ([433f020](https://togithub.com/panva/jose/commit/433f020246a9131f63705a3e1aa99492dac50947)) ### [`v3.6.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#362-2021-02-16) [Compare Source](https://togithub.com/panva/jose/compare/v3.6.1...v3.6.2) ##### Fixes - **typescript:** update maxTokenAge type and examples ([2c358e0](https://togithub.com/panva/jose/commit/2c358e0ea550f19896ccf43724ee8224aa04a664)) ### [`v3.6.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#361-2021-02-10) [Compare Source](https://togithub.com/panva/jose/compare/v3.6.0...v3.6.1) ##### Fixes - node runtime json fetch handles connection errors properly ([fc584b2](https://togithub.com/panva/jose/commit/fc584b2efd9a6e7bf2ac83c6fb0ddf96fb0ca6a5)) ### [`v3.6.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#360-2021-02-04) [Compare Source](https://togithub.com/panva/jose/compare/v3.5.4...v3.6.0) ##### Features - allow CryptoKey instances in a regular non-webcrypto node runtime ([e8d41a9](https://togithub.com/panva/jose/commit/e8d41a933582495c9a9b02d6ec38b46bef8795e1)) ### [`v3.5.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#354-2021-01-26) [Compare Source](https://togithub.com/panva/jose/compare/v3.5.3...v3.5.4) ##### Fixes - export package.json ([8c29107](https://togithub.com/panva/jose/commit/8c29107aea26a54869d8adadceaf0bbf70fb18cd)), closes [#​157](https://togithub.com/panva/jose/issues/157) ### [`v3.5.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#353-2021-01-20) [Compare Source](https://togithub.com/panva/jose/compare/v3.5.2...v3.5.3) ##### Fixes - workaround downstream dependency issues messing with http ([2e58005](https://togithub.com/panva/jose/commit/2e5800535ab72ab35f3abfaab7493163d8b0494e)), closes [#​154](https://togithub.com/panva/jose/issues/154) ### [`v3.5.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#352-2021-01-18) [Compare Source](https://togithub.com/panva/jose/compare/v3.5.1...v3.5.2) ##### Performance - use 'base64url' encoding when available in Node.js runtime ([808f06c](https://togithub.com/panva/jose/commit/808f06cd08b10cf53343afb35802cc6e5b95ea20)) - use KeyObject.prototype asymmetricKeyDetails when available ([ad88ee2](https://togithub.com/panva/jose/commit/ad88ee2cd5bcaee3c3e5ec79735c8172ae2725be)) ### [`v3.5.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#351-2021-01-10) [Compare Source](https://togithub.com/panva/jose/compare/v3.5.0...v3.5.1) ##### Fixes - workaround for RangeError in browser runtime base64url ([ed32b0d](https://togithub.com/panva/jose/commit/ed32b0d46ee570e405e0d88b43aecd8ef6fea129)) ### [`v3.5.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#350-2020-12-17) [Compare Source](https://togithub.com/panva/jose/compare/v3.4.0...v3.5.0) ##### Features - added JWE General JSON Serialization decryption ([16dea9e](https://togithub.com/panva/jose/commit/16dea9ec7d6179471f794a3463bba0c6e77295ff)) ### [`v3.4.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#340-2020-12-16) [Compare Source](https://togithub.com/panva/jose/compare/v3.3.2...v3.4.0) ##### Features - added JWS General JSON Serialization signing ([6fb862c](https://togithub.com/panva/jose/commit/6fb862cf12d34b7dc5077d1872ad29eeac27d21e)), closes [#​129](https://togithub.com/panva/jose/issues/129) - added JWS General JSON Serialization verification ([55b7781](https://togithub.com/panva/jose/commit/55b77810d03a1f7e38e13bec384dece08b74b206)), closes [#​129](https://togithub.com/panva/jose/issues/129) - added utility function for decoding token's protected header ([fa29d68](https://togithub.com/panva/jose/commit/fa29d68cfdf0922c7e4dac24eb50161d1eab28d4)) ### [`v3.3.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#332-2020-12-14) [Compare Source](https://togithub.com/panva/jose/compare/v3.3.1...v3.3.2) ##### Fixes - **typescript:** ref dom lib via triple-slash to fix some compile issues ([175f273](https://togithub.com/panva/jose/commit/175f273819785c29b9ad822dcb5d70073523f504)), closes [#​126](https://togithub.com/panva/jose/issues/126) ### [`v3.3.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#331-2020-12-06) [Compare Source](https://togithub.com/panva/jose/compare/v3.3.0...v3.3.1) ##### Fixes - botched v3.3.0 release ([1c3e116](https://togithub.com/panva/jose/commit/1c3e116976c997f205b917405f010b568d1bd3b9)) ### [`v3.3.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#330-2020-12-06) [Compare Source](https://togithub.com/panva/jose/compare/v3.2.0...v3.3.0) ##### Features - support recognizing proprietary `crit` header parameters ([5163116](https://togithub.com/panva/jose/commit/5163116ca1c091871ed0c601c9fbc1dbe94599cd)), closes [#​123](https://togithub.com/panva/jose/issues/123) ##### Fixes - reject JWTs with b64: false ([691b44a](https://togithub.com/panva/jose/commit/691b44ad4717c82a06539facfedff48fa0e9c6a9)) ### [`v3.2.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#320-2020-12-02) [Compare Source](https://togithub.com/panva/jose/compare/v3.1.3...v3.2.0) ##### Features - allow specifying modulusLength when generating RSA Key Pairs ([5f7a0e9](https://togithub.com/panva/jose/commit/5f7a0e9055256bce4786a53711bcf14cf59fa8f1)), closes [#​121](https://togithub.com/panva/jose/issues/121) ### [`v3.1.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#313-2020-11-26) [Compare Source](https://togithub.com/panva/jose/compare/v3.1.2...v3.1.3) ##### Fixes - **typescript:** refactored how types are published ([2937363](https://togithub.com/panva/jose/commit/29373633bc540ff1e7bfe8fb3e5c5b391e79c2d9)), closes [#​119](https://togithub.com/panva/jose/issues/119) ### [`v3.1.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#312-2020-11-24) [Compare Source](https://togithub.com/panva/jose/compare/v3.1.1...v3.1.2) ##### Fixes - handle globalThis undefined in legacy browsers ([b83c59b](https://togithub.com/panva/jose/commit/b83c59bb43ad14ac932cd0c662f7dfc2c4c62753)) ### [`v3.1.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#311-2020-11-24) [Compare Source](https://togithub.com/panva/jose/compare/v3.1.0...v3.1.1) ##### Fixes - global detection in a browser worker runtime ([56ff8fa](https://togithub.com/panva/jose/commit/56ff8fa65aa045411c6c6a67d80b67c1099576a0)) ### [`v3.1.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#310-2020-11-22) [Compare Source](https://togithub.com/panva/jose/compare/v3.0.2...v3.1.0) ##### Features - added "KeyLike to JWK" module ([7a8418e](https://togithub.com/panva/jose/commit/7a8418eadd68b645fb7edf78873a35980ea8e41d)), closes [#​109](https://togithub.com/panva/jose/issues/109) - allow compact verify/decrypt tokens to be uint8array encoded ([e39c3db](https://togithub.com/panva/jose/commit/e39c3dba75e5ae70697e6a4f93096c492a265c07)) - allow http.Agent and https.Agent passed in remote JWK Set ([38494a8](https://togithub.com/panva/jose/commit/38494a88828a8df2015efa78ca29c1a6317a3a50)) ### [`v3.0.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#302-2020-11-15) [Compare Source](https://togithub.com/panva/jose/compare/v3.0.1...v3.0.2) ##### Fixes - **build:** publish esm submodules ([7b6364f](https://togithub.com/panva/jose/commit/7b6364f26f7654368c9e33af58043ee40e77ec77)), closes [#​104](https://togithub.com/panva/jose/issues/104) ### [`v3.0.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#301-2020-11-15) [Compare Source](https://togithub.com/panva/jose/compare/v3.0.0...v3.0.1) ##### Fixes - **typescript:** fix compiling by adding .d.ts files for runtime modules ([d9cb573](https://togithub.com/panva/jose/commit/d9cb5734d779df26c3e717a9f4f23d18b856dc5f)) ### [`v3.0.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#300-2020-11-14) [Compare Source](https://togithub.com/panva/jose/compare/v2.0.7...v3.0.0) ##### ⚠ BREAKING CHANGES - Revised, Promise-based API - No dependencies - Browser support (using [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/)) - Support for verification using a remote JWKS endpoint ##### Features - Revised API, No dependencies, Browser Support, Promises (

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 4 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
mc-app-kit-playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 5, 2024 2:43pm
merchant-center-application-kit-components-playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 5, 2024 2:43pm
changeset-bot[bot] commented 4 months ago

⚠️ No Changeset found

Latest commit: 342981995df081e401fade63f16e0bde40a5e62b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

renovate[bot] commented 4 months ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

CarlosCortizasCT commented 4 months ago

Ok, the current state of the PR is as far I could get but still is not valid.

I managed to update to jose's dependency latest version and update our tests as needed, however, there's a problem with the new version in the testing context.

Example: image

The problem seem related to the new version using the Uint8Array class and this one being problematic in jest. I found this GitHub issue where they talk about this problem but applying the suggested change only makes the tests pass when run in isolation but it fails when all tests are run.

Since this is a dependency we only use for one test suite in the repository, @emmenko mentioned we could maybe just keep the current version and forget about the update. At this point, I also vote for that suggestion.

@commercetools/shield-team-ext-and-infra please let me know your thoughts. 🙏

renovate[bot] commented 2 months ago

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.