Chore(deps): bump jose and postman-runtime

[dependabot[bot]]

Bumps jose to 5.4.1 and updates ancestor dependency postman-runtime. These dependencies need to be updated together.

Updates jose from 4.14.4 to 5.4.1

Release notes

Sourced from jose's releases.

v5.4.1

Fixes

• ensure latest release on npm is v5.x (a9b2a30)

v5.4.0

Features

• expose JWT's payload in JWTClaimValidationFailed instances (58bcffb), closes #680

Refactor

• add explicit return types everywhere (cc2b2d7)

v5.3.0

Features

• allow observing remote JWKS resolver state and its manual reload (fa8b639)

Refactor

• if should not be the only statement in else blocks (a6b716b)

v5.2.4

Refactor

• use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet (a7c566c)

v5.2.3

Refactor

• move iv generation and optional outputs around (05c4351)

v5.2.2

Fixes

• types: iv and tag is optional in JSON serializations (53019cd)

v5.2.1

Fixes

• build: refactor export targets for browser, node cjs, and node esm builds (50cbc65)

v5.2.0

Features

• extend JWT NumericDate setter syntax (ae363c3)

... (truncated)

Changelog

Sourced from jose's changelog.

5.4.1 (2024-06-18)

Fixes

• ensure latest release on npm is v5.x (a9b2a30)

5.4.0 (2024-06-03)

Features

• expose JWT's payload in JWTClaimValidationFailed instances (58bcffb), closes #680

Refactor

• add explicit return types everywhere (cc2b2d7)

5.3.0 (2024-05-10)

Features

• allow observing remote JWKS resolver state and its manual reload (fa8b639)

Refactor

• if should not be the only statement in else blocks (a6b716b)

5.2.4 (2024-04-07)

Refactor

• use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet (a7c566c)

5.2.3 (2024-03-07)

Refactor

• move iv generation and optional outputs around (05c4351)

5.2.2 (2024-02-11)

Fixes

... (truncated)

Commits

• 34c5182 chore(release): 5.4.1
• a9b2a30 fix: ensure latest release on npm is v5.x
• 19bfcc6 chore: bump dev deps
• c1a852c docs: clarify JWTClaimValidationFailed error instance payload property
• 1eab369 chore: bump dev deps
• cd691b2 chore: bump dev deps
• 8bea326 chore: bump dev deps
• 3c4ad55 chore: bump dev deps
• d0226f9 chore: cleanup after release
• 821b275 chore(release): 5.4.0
• Additional commits viewable in compare view

Updates postman-runtime from 7.39.0 to 7.40.0

Changelog

Sourced from postman-runtime's changelog.

7.40.0: date: 2024-06-19 new features: - GH-1415 Added support for top-level await in scripts chores: - GH-1415 Updated postman-sandbox to v5.0.0 - GH-1418 Dropped support for Node.js < v16 - GH-1418 Updated ESLint rules - GH-1418 Updated dependencies

7.39.1: date: 2024-06-14 chores: - Bumped postman-request dependency

Commits

• 4896998 Merge branch 'release/7.40.0'
• 21e5b70 Release v7.40.0
• 47af0dc Update dependencies
• 698ac95 Bump ws, engine.io and socket.io-adapter (#1422)
• 25534d4 Bump braces from 3.0.2 to 3.0.3 (#1419)
• 1eb5e76 Updated postman-sandbox (#1415)
• 166f384 Dropped support for node < 16 (#1418)
• 88f9656 Merge branch 'release/7.39.1' into develop
• 49ab354 Merge branch 'release/7.39.1'
• 1705eac Release v7.39.1
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/postmanlabs/newman/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.