fix(deps): update dependency jose to v6 #476

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

descope wants to merge 1 commit into main from renovate/jose-6.x

Contributor

descope bot commented Mar 23, 2025 •

edited

Loading

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
jose	dependencies	major	`5.2.2` -> `6.0.11`

Release Notes

panva/jose (jose)

`v6.0.11`

Fixes

typ checking edge-cases when it contains a slash (/) character (31e4baf)

`v6.0.10`

Refactor

removed unused claims methods (74719cf)
reorganize jwt claim set utils (1f12d88)

`v6.0.9`

Documentation

add more symbol document, ignore ts-private fields (8b73687)
bump typedoc (6163a8b)
drop cdnjs links in README (a910038)
drop denoland/x links in README and add jsr (3662b9e)
fix key export links from docs/README.md (c8edfc2)

Refactor

always assume structuredClone is present (f7898a9)
hide internal private fields and drop ProduceJWT inheritance (ab18881)
less objects when JWE JWT Replicated Header Parameters are used (c763a0e)

`v6.0.8`

Fixes

export [customFetch] symbol from the default entrypoint (1615614), closes #762

`v6.0.7`

Documentation

improve generate key/secret and import function descriptions (cd06359)

Fixes

use [customFetch] when provided to createRemoteJWKSet (35f6509), closes #760

`v6.0.6`

Refactor

move base64url around (e1350ef)

Documentation

add various exported symbol descriptions (3b8ff71)
add various exported symbol descriptions (fc4e7da)
add various exported symbol descriptions (74f02c8)
update base64url function descriptions (03d72c8)

`v6.0.5`

Refactor

types: make JWKParameters.kty compatible with @types/node and @types/web (bb6ccfe)

Documentation

add various exported symbol descriptions (f52c2ff)

`v6.0.4`

Refactor

optimize base64 with tc39/proposal-arraybuffer-base64 (8a0da69), closes #752
update getSPKI to use crypto.createPublicKey when available (92392a0), closes #752
use Double HMAC pattern for AES-CBC tag comparison (f3ba4c7), closes #752

`v6.0.3`

Documentation

remove root module tag so that README.md shows up on jsr.io (ee70698)

`v6.0.2`

Documentation

add module tags to all entrypoints (a5687aa)

`v6.0.1`

Fixes

typ checking edge-cases when it contains a slash (/) character (31e4baf)

`v6.0.0`

⚠ BREAKING CHANGES

The PEMImportOptions type interface is renamed to KeyImportOptions.
all builds and bundles now use ES2022 as target
createRemoteJWKSet now uses fetch, because of that its Node.js only options.agent property has been removed and new fetch-related options were added
drop support for Ed448 and X448
drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey"
resolved keys returned as part of verify/decrypt operations (when get key functions are used) are always normalized to either Uint8Array / CryptoKey depending on what's more efficient for the executed operation
Key "Type" Generics are removed
CJS-style require is now only possible when require(esm) support is present in the Node.js runtime
private KeyObject instances can no longer be used for verify operations
private KeyObject instances can no longer be used for encryption operations
generateSecret, generateKeyPair, importPKCS8, importSPKI, importJWK, and importX509 now yield a CryptoKey instead of a KeyObject in Node.js
drop support for Node.js 18.x and earlier
runtime-specific npm releases (jose-browser-runtime, jose-node-cjs-runtime, and jose-node-esm-runtime) are no longer maintained or supported
removed secp256k1 JWS support
removed deprecated experimental APIs
removed RSA1_5 JWE support

Features

enable CryptoKey and KeyObject inputs in JWK thumbprint functions (6fc9c44)
JSON Web Key is now an allowed input everywhere (ebda967)

Refactor

always use infered CryptoKey (c4abaa2)
backport the Ed25519 JWS Algorithm Identifier support (7a94cb9)
drop support for Ed448 and X448 (2fae1c4)
drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey" (ef918be)
ensure export functions continue to work with KeyObject inputs (28e9e68)
hardcode the cryptoRuntime export since it is now always WebCryptoAPI (e00f273)
JWK import extractable default for public keys is now true (64dcebe)
PEM import extractable default for public keys is now true (4e9f114)
removed deprecated APIs (5352083)
removed secp256k1 JWS support (e2b58a5)
restructure src/lib and src/runtime now that runtime is fixed (9b236ce)
target is now ES2022 everywhere (aa590d5)
update importJWK args to align with other import functions (355a2dd)
WebCryptoAPI is now the only crypto used (161de46)

`v5.10.0`

Features

support fully specified Ed25519 algorithm identifier (c39f57d)

`v5.9.6`

Reverts

Revert "refactor(build): simplify package exports" (2ef3a52)

`v5.9.5`

Refactor

build: simplify package exports (4783f7f)

`v5.9.4`

Refactor

types: update error definitions (510c5ca)

`v5.9.3`

Refactor

use as Type for type assertions instead of (c4dc24d)

`v5.9.2`

Refactor

types: remove index signatures from JWK interfaces (ccf0cda)

`v5.9.1`

Fixes

types: add missing index signature on the convenience JWK types (90a93dc)

`v5.9.0`

Features

allow JWK objects as "key" input to sign and verify (c6302ea)

`v5.8.0`

Features

add subpath module exports (72ecff6)

Refactor

omit LocalJWKSet export since it's no longer needed for RemoteJWKSet (c502731)

`v5.7.0`

Features

graduate jwksCache to stable API (0f09c12)

`v5.6.3`

Fixes

add sideEffects:false to nested ESM package.json files (f3aff1c)

`v5.6.2`

Refactor

CryptoKey normalization is not always async (b7751f5)
weak cache normalized CryptoKey instances (32b25a5)

Fixes

ensure KeyObject type in Web API encrypt/decrypt (b7920bd)

`v5.6.1`

Refactor

normalize is always defined for Web API runtimes (7bcb103)

Fixes

workaround turbo's eager optimizations (723a042), closes #690

`v5.6.0`

Features

support KeyObject inputs in WebCryptoAPI runtimes given compatibility (e178b8f)

`v5.5.0`

Features

add experimental support for edge compute runtimes JWKS caching (ab166e2), closes #551 #661 #653 #415

`v5.4.1`

Fixes

ensure latest release on npm is v5.x (a9b2a30)

`v5.4.0`

Features

expose JWT's payload in JWTClaimValidationFailed instances (58bcffb), closes #680

Refactor

add explicit return types everywhere (cc2b2d7)

`v5.3.0`

Features

allow observing remote JWKS resolver state and its manual reload (fa8b639)

Refactor

if should not be the only statement in else blocks (a6b716b)

`v5.2.4`

Refactor

use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet (a7c566c)

`v5.2.3`

Refactor

move iv generation and optional outputs around (05c4351)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

descope bot added the renovate label

descope bot force-pushed the renovate/jose-6.x branch 7 times, most recently from 6ff1d1e to d0a76d5 Compare

April 2, 2025 12:23

descope bot force-pushed the renovate/jose-6.x branch 4 times, most recently from d67e57d to 60cd30b Compare

April 10, 2025 16:48

descope bot force-pushed the renovate/jose-6.x branch 4 times, most recently from 464f101 to 7b259cf Compare

April 22, 2025 06:49


          fix(deps): update dependency jose to v6

5a8d5ff

descope bot force-pushed the renovate/jose-6.x branch from 7b259cf to 5a8d5ff Compare

May 26, 2025 13:35

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels