Node.js: return Uint8Array (not a Buffer) from base64url.decode
Browser distribution is now built using ES2020 as a target
Node.js distribution is now built using ES2022 as a target
types: jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload)
PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use.
importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present.
End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, 21, and future releases are the ones that remain supported.
The JWE "zip" (Compression Algorithm) Header Parameter
is no longer supported by this JOSE implementation.
Features
add Date as valid input to timestamp setting functions (bd830a4)
default to an empty payload in JWT producing constructors (98d6ca1)
types: add optional Generics for JWT verify and decrypt (61bd2a0), closes #568
Reverts
Revert "test: fix test under lts/erbium" (b64b6c7)
Node.js: return Uint8Array (not a Buffer) from base64url.decode
Browser distribution is now built using ES2020 as a target
Node.js distribution is now built using ES2022 as a target
types: jwtVerify and jwtDecrypt type argument for the resolved
KeyLike type is now a second optional type argument following a type
for the JWT Claims Set (aka payload)
PBES2 Key Management Algorithms' use in decrypt
functions now requires the use of the keyManagementAlgorithms option
to explicitly opt-in for their use.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps jose from 4.14.6 to 5.1.2.
Release notes
Sourced from jose's releases.
... (truncated)
Changelog
Sourced from jose's changelog.
... (truncated)
Commits
f0d7248
chore(release): 5.1.21bf9cec
fix: do not mutate JWTVerifyOptions.requiredClaimsb7b1e3a
build(deps): bump dessant/lock-threads from 4.0.1 to 5.0.02698401
chore: bump dev depsfbf2b7b
chore: cleanup after releasef39e730
chore(release): 5.1.17c8a7b6
chore: bump dev deps62d8567
chore: bump dev deps01e6903
chore: update dev dependenciesf746da1
refactor: deprecate the RSA1_5 JWE AlgorithmDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show