logto-io / js

🤓 Logto JS SDKs.
https://docs.logto.io/quick-starts/
MIT License
67 stars 40 forks source link

fix(deps): update dependency jose to v5 #569

Closed renovate[bot] closed 12 months ago

renovate[bot] commented 1 year ago

Mend Renovate logo banner

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
jose ^4.13.2 -> ^5.0.0 age adoption passing confidence

Release Notes

panva/jose (jose) ### [`v5.1.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#510-2023-11-03) [Compare Source](https://togithub.com/panva/jose/compare/v5.0.2...v5.1.0) ##### Features - add payload generics to jose.decodeJwt ([9de49e2](https://togithub.com/panva/jose/commit/9de49e26956a20cdb94472f10f83b20480613329)), closes [#​604](https://togithub.com/panva/jose/issues/604) ### [`v5.0.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#502-2023-11-02) [Compare Source](https://togithub.com/panva/jose/compare/v5.0.1...v5.0.2) ##### Fixes - **createRemoteJWKSet:** ensure a default user-agent header is present ([887dd3c](https://togithub.com/panva/jose/commit/887dd3cd05f34e06ce20ad00201599a5a469fbac)), closes [#​600](https://togithub.com/panva/jose/issues/600) ### [`v5.0.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#501-2023-10-25) [Compare Source](https://togithub.com/panva/jose/compare/v5.0.0...v5.0.1) ##### Fixes - also use ES2020 in the CDN bundles ([8c4d390](https://togithub.com/panva/jose/commit/8c4d3909db56f2d62cf2bf413e8343c0fdd2b92f)) ### [`v5.0.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#500-2023-10-25) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.4...v5.0.0) ##### ⚠ BREAKING CHANGES - **Node.js:** return Uint8Array (not a Buffer) from base64url.decode - Browser distribution is now built using ES2020 as a target - Node.js distribution is now built using ES2022 as a target - **types:** jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload) - PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use. - importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present. - End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, and 21 and future releases are the ones that remain supported. - The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation. ##### Features - add Date as valid input to timestamp setting functions ([bd830a4](https://togithub.com/panva/jose/commit/bd830a47979912d4c0775d01a05584c2aa9f0dcd)) - default to an empty payload in JWT producing constructors ([98d6ca1](https://togithub.com/panva/jose/commit/98d6ca12c448697ed6342b1230b351eb5bfa0df8)) - **types:** add optional Generics for JWT verify and decrypt ([61bd2a0](https://togithub.com/panva/jose/commit/61bd2a0adb638c1c2469459d78556a99cec697c7)), closes [#​568](https://togithub.com/panva/jose/issues/568) ##### Reverts - Revert "test: fix test under lts/erbium" ([b64b6c7](https://togithub.com/panva/jose/commit/b64b6c731c3e2d0e6751e0221804af08d7015bfa)) ##### Refactor - Browser distribution is now built using ES2020 as a target ([1836684](https://togithub.com/panva/jose/commit/18366840e1ae557b951fe921c5004b17ad56e972)) - drop support for EOL Node.js versions ([b5aee54](https://togithub.com/panva/jose/commit/b5aee542fb5995dd29e012011f832ce8dfd24e29)) - importJWK always returns a Uint8Array for symmetric key inputs ([163e1b0](https://togithub.com/panva/jose/commit/163e1b02ed5b64368110d750c9f5f5c3d247042d)) - Node.js distribution is now built using ES2022 as a target ([239697a](https://togithub.com/panva/jose/commit/239697a17d048b8eb2120d29adff7f98edc0f26e)) - **Node.js:** return Uint8Array (not a Buffer) from base64url.decode ([02d5182](https://togithub.com/panva/jose/commit/02d51827e24195d650cf83de100ae16cd8b0599e)) - PBES2 Algorithms require explicit opt-in during verification ([e2da031](https://togithub.com/panva/jose/commit/e2da031381b7c5327ea9a0ccf58f059fa8af7e92)) - remove support for JWE "zip" (Compression Algorithm) Header Parameter ([16998b1](https://togithub.com/panva/jose/commit/16998b15c75d90b64eb5b0fa0713cfdfa7896757)) - **types:** rename type parameters for the KeyLike returns ([eddd400](https://togithub.com/panva/jose/commit/eddd400235e84e3d84c1a8471b01915a12d3d866)) - update allow list error messages ([fe8114c](https://togithub.com/panva/jose/commit/fe8114c82646f2468857effb934f39dd7bc75902)) ### [`v4.15.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4154-2023-10-14) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.3...v4.15.4) ##### Fixes - **types:** export GetKeyFunction ([#​592](https://togithub.com/panva/jose/issues/592)) ([936c9df](https://togithub.com/panva/jose/commit/936c9dff2bc124dc5f64906a96f665a28e57392c)), closes [#​591](https://togithub.com/panva/jose/issues/591) ### [`v4.15.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4153-2023-10-11) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.2...v4.15.3) ### [`v4.15.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4152-2023-10-04) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.1...v4.15.2) ##### Fixes - **build:** add a node target for jose-browser-runtime releases ([abb63d0](https://togithub.com/panva/jose/commit/abb63d0e8e7a55326dc343eec5f5eee9addc1dcf)) ### [`v4.15.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4151-2023-10-02) [Compare Source](https://togithub.com/panva/jose/compare/v4.15.0...v4.15.1) ##### Fixes - resolve missing types for the cryptoRuntime const ([1627965](https://togithub.com/panva/jose/commit/16279652a67133fba0db7c9879767f000a8f1662)) ### [`v4.15.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4150-2023-10-02) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.6...v4.15.0) ##### Features - export the used crypto runtime as a constant ([0681dda](https://togithub.com/panva/jose/commit/0681dda1592a82c22a18981002b3763c502d0fc4)) ### [`v4.14.6`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4146-2023-09-04) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.5...v4.14.6) ##### Fixes - **build:** publish bundle and umd files with jose-browser-runtime module ([62fcbcc](https://togithub.com/panva/jose/commit/62fcbcc2170db00f5bbfc817839523dbf970239f)), closes [#​571](https://togithub.com/panva/jose/issues/571) ### [`v4.14.5`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4145-2023-09-02) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.4...v4.14.5) ##### Refactor - catch type error when decoding base64url signature ([#​569](https://togithub.com/panva/jose/issues/569)) ([935e920](https://togithub.com/panva/jose/commit/935e920d29d242e0446d365b1e4f0449d144c23c)) - catch type errors when decoding various base64url strings ([9024e87](https://togithub.com/panva/jose/commit/9024e870ece4ef121205dadc733c36d7978b97ab)) ### [`v4.14.4`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4144-2023-04-30) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.3...v4.14.4) ##### Refactor - cleanup NODE-ED25519 workerd workarounds ([072e83d](https://togithub.com/panva/jose/commit/072e83de5bf3a15775b0bf25ef8afa8851b8862d)) ### [`v4.14.3`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4143-2023-04-27) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.2...v4.14.3) ##### Reverts - Revert "fix(types): headers and payloads may only be JSON values and primitives" ([06d8101](https://togithub.com/panva/jose/commit/06d8101a5827a69bb25c2847b1a10d03f015db03)), closes [#​534](https://togithub.com/panva/jose/issues/534) ### [`v4.14.2`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4142-2023-04-26) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.1...v4.14.2) ##### Fixes - **types:** headers and payloads may only be JSON values and primitives ([24f306e](https://togithub.com/panva/jose/commit/24f306e7f33485daaba1e250dfc97b5f621079ad)) ### [`v4.14.1`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4141-2023-04-20) [Compare Source](https://togithub.com/panva/jose/compare/v4.14.0...v4.14.1) ### [`v4.14.0`](https://togithub.com/panva/jose/blob/HEAD/CHANGELOG.md#4140-2023-04-14) [Compare Source](https://togithub.com/panva/jose/compare/v4.13.2...v4.14.0) ##### Features - add requiredClaims JWT validation option ([eeea91d](https://togithub.com/panva/jose/commit/eeea91df48cadda84e4fdce6bbba7251ca7af83f))

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.