fix(deps): update dependency aws-jwt-verify to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
aws-jwt-verify	^3.4.0 || ^4.0.0 -> ^3.4.0 || ^4.0.0 || ^5.0.0
aws-jwt-verify	^4.0.0 -> ^5.0.0

---

Release Notes

awslabs/aws-jwt-verify (aws-jwt-verify)

v5.0.0

Compare Source

Notable new features in v5.0.0:

• Support for ECDSA and EdDSA algorithms:
  • ES256
  • ES384
  • ES512
  • Ed25519
  • Ed448
• Allow padding characters (even though non-standard) so e.g. AWS ALB JWTs can be verified with this library (however work is still underway to make that easier still, see #​176 )
• The default response timeout of the JWKS fetcher was increased from 1500 ms. to 3000 ms. because multiple users reported the previous 1500 ms. being too low--they were hitting timeouts too often. We believe the 3000 ms. is a better, more reasonable, default value.

Breaking changes

This release includes breaking changes, hence moving to major version 5.0.0:

• Dropped support for Node.js 14, now 16 is the minimum.
• The fetchJson interface was changed and renamed to fetch. Thus the JsonFetcher was renamed to Fetcher, and corresponding changes were made in the SimpleJwksCache see #​167. So, this affects users who were using the SimpleJsonFetcher, potentially to increase the response timeout (maybe that's no longer needed now, as we raised the default value from 1500 ms. to 3000 ms.).
• It is now allowed to use an explicit null as issuer. This would throw JwtInvalidIssuerError before, see #​183. This affects users who were counting on null issuer throwing JwtInvalidIssuerError. It is expected that this is rare and the handling of undefined remains unchanged. But if you did depend on the prior behavior (we can't see why you would but who knows), you're affected, and will need to guard against passing a null issuer, if you don't want to allow that, yourself.

What's Changed

• Bump vite from 4.5.2 to 4.5.3 in /tests/vite-app by @​dependabot in https://github.com/awslabs/aws-jwt-verify/pull/157
• Bump ws from 7.5.7 to 7.5.10 in /tests/cognito by @​dependabot in https://github.com/awslabs/aws-jwt-verify/pull/161
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in https://github.com/awslabs/aws-jwt-verify/pull/160
• Bump braces from 3.0.2 to 3.0.3 in /tests/vite-app by @​dependabot in https://github.com/awslabs/aws-jwt-verify/pull/162
• Bump braces from 3.0.2 to 3.0.3 in /tests/cognito by @​dependabot in https://github.com/awslabs/aws-jwt-verify/pull/163
• Support for ES256/ES384/ES512 by @​ottokruse in https://github.com/awslabs/aws-jwt-verify/pull/164
• Bump webpack from 5.88.2 to 5.94.0 in /tests/vite-app by @​dependabot in https://github.com/awslabs/aws-jwt-verify/pull/172
• Refactor fetching to support fetching non-JSON JWKS by @​ottokruse in https://github.com/awslabs/aws-jwt-verify/pull/167
• Bump vite from 5.3.2 to 5.3.6 in /tests/vite-app by @​dependabot in https://github.com/awslabs/aws-jwt-verify/pull/174
• Bump rollup from 4.18.0 to 4.22.4 in /tests/vite-app by @​dependabot in https://github.com/awslabs/aws-jwt-verify/pull/175
• fix/ecdsa verification to use raw signature format per jwa spec by @​ottokruse in https://github.com/awslabs/aws-jwt-verify/pull/179
• Add (very) minimal support for AWS ALB by @​ottokruse in https://github.com/awslabs/aws-jwt-verify/pull/180
• fix: actually use custom error object by @​ottokruse in https://github.com/awslabs/aws-jwt-verify/pull/182
• Feat/eddsa support by @​ottokruse in https://github.com/awslabs/aws-jwt-verify/pull/181
• feat: Allow issuer null by @​ottokruse in https://github.com/awslabs/aws-jwt-verify/pull/183
• v5.0.0 by @​ottokruse in https://github.com/awslabs/aws-jwt-verify/pull/184

Full Changelog: awslabs/aws-jwt-verify@v4.0.1...v5.0.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.