chore(deps): bump jose from 4.6.0 to 4.13.0 in /relying-party

[dependabot[bot]]

Bumps jose from 4.6.0 to 4.13.0.

Release notes

Sourced from jose's releases.

v4.13.0

Features

• types: allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike (6effa4d)

Fixes

• make jose.EmbeddedJWK arguments optional (20610a9)

v4.12.2

Fixes

• types: declare explicit return from EmbeddedJWK (46934ac)

v4.12.1

Refactor

• clarify when alg is used and required on key imports (19e525f)
• node: have node:crypto deal with x509 parsing (45bb45d)

v4.12.0

Features

• enable key iteration over JWKSMultipleMatchingKeys (a278acd)

const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs'))
const options = {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience',
}
const { payload, protectedHeader } = await jose
.jwtVerify(jwt, JWKS, options)
.catch(async (error) => {
if (error?.code === 'ERR_JWKS_MULTIPLE_MATCHING_KEYS') {
for await (const publicKey of error) {
try {
return await jose.jwtVerify(jwt, publicKey, options)
} catch (innerError) {
if (innerError?.code === 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED') {
continue
}
throw innerError
}
}
throw new jose.errors.JWSSignatureVerificationFailed()
}
</tr></table>

... (truncated)

Changelog

Sourced from jose's changelog.

4.13.0 (2023-02-27)

Features

• types: allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike (6effa4d)

Fixes

• make jose.EmbeddedJWK arguments optional (20610a9)

4.12.2 (2023-02-27)

Fixes

• types: declare explicit return from EmbeddedJWK (46934ac)

4.12.1 (2023-02-27)

Refactor

• clarify when alg is used and required on key imports (19e525f)
• node: have node:crypto deal with x509 parsing (45bb45d)

4.12.0 (2023-02-15)

Features

• enable key iteration over JWKSMultipleMatchingKeys (a278acd)

4.11.4 (2023-02-07)

Fixes

• build: ignore deno files in npm publishes (b3d6a11)

4.11.3 (2023-02-07)

Fixes

• CF Workers: improve miniflare compat with different Node.js versions, get ready for future non-proprietary support (3406b9f), closes #446 #495 #497

4.11.2 (2023-01-01)

... (truncated)

Commits

• 3b8f769 chore(release): 4.13.0
• 6effa4d feat(types): allow generics to aid in CryptoKey or KeyObject narrowing of Key...
• 20610a9 fix: make jose.EmbeddedJWK arguments optional
• 92ce7c2 chore: cleanup after publish
• 0c5b164 chore(release): 4.12.2
• 46934ac fix(types): declare explicit return from EmbeddedJWK
• 50b88b2 chore: cleanup after publish
• 9f7611c chore(release): 4.12.1
• 4b25ebb docs: clarify importX509 example in imports
• a554d37 chore: bump dev deps
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #89.