Skip to content
This repository has been archived by the owner on Jan 3, 2025. It is now read-only.

Bump jose from 4.14.6 to 5.0.1 in /Frontend #310

Merged
merged 1 commit into from
Nov 1, 2023
Merged

Bump jose from 4.14.6 to 5.0.1 in /Frontend #310

merged 1 commit into from
Nov 1, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2023
edited
Loading

Bumps jose from 4.14.6 to 5.0.1.

Release notes

Sourced from jose's releases.

v5.0.1

Fixes

  • also use ES2020 in the CDN bundles (8c4d390)

v5.0.0

⚠ BREAKING CHANGES

  • Node.js: return Uint8Array (not a Buffer) from base64url.decode
  • Browser distribution is now built using ES2020 as a target
  • Node.js distribution is now built using ES2022 as a target
  • types: jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload)
  • PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use.
  • importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present.
  • End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, 21, and future releases are the ones that remain supported.
  • The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation.

Features

  • add Date as valid input to timestamp setting functions (bd830a4)
  • default to an empty payload in JWT producing constructors (98d6ca1)
  • types: add optional Generics for JWT verify and decrypt (61bd2a0), closes #568

Reverts

  • Revert "test: fix test under lts/erbium" (b64b6c7)

Refactor

  • Browser distribution is now built using ES2020 as a target (1836684)
  • drop support for EOL Node.js versions (b5aee54)
  • importJWK always returns a Uint8Array for symmetric key inputs (163e1b0)
  • Node.js distribution is now built using ES2022 as a target (239697a)
  • Node.js: return Uint8Array (not a Buffer) from base64url.decode (02d5182)
  • PBES2 Algorithms require explicit opt-in during verification (e2da031)
  • remove support for JWE "zip" (Compression Algorithm) Header Parameter (16998b1)
  • types: rename type parameters for the KeyLike returns (eddd400)
  • update allow list error messages (fe8114c)

v4.15.4

Fixes

v4.15.3

This release contains only Node.js CITGM related test updates.

... (truncated)

Changelog

Sourced from jose's changelog.

5.0.1 (2023-10-25)

Fixes

  • also use ES2020 in the CDN bundles (8c4d390)

5.0.0 (2023-10-25)

⚠ BREAKING CHANGES

  • Node.js: return Uint8Array (not a Buffer) from base64url.decode
  • Browser distribution is now built using ES2020 as a target
  • Node.js distribution is now built using ES2022 as a target
  • types: jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload)
  • PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use.
  • importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present.
  • End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, and 21 and future releases are the ones that remain supported.
  • The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation.

Features

  • add Date as valid input to timestamp setting functions (bd830a4)
  • default to an empty payload in JWT producing constructors (98d6ca1)
  • types: add optional Generics for JWT verify and decrypt (61bd2a0), closes #568

Reverts

  • Revert "test: fix test under lts/erbium" (b64b6c7)

Refactor

  • Browser distribution is now built using ES2020 as a target (1836684)
  • drop support for EOL Node.js versions (b5aee54)
  • importJWK always returns a Uint8Array for symmetric key inputs (163e1b0)
  • Node.js distribution is now built using ES2022 as a target (239697a)

... (truncated)

Commits
  • bee688f chore(release): 5.0.1
  • 8c4d390 fix: also use ES2020 in the CDN bundles
  • 7b03843 chore: cleanup after release
  • c7e7756 chore(release): 5.0.0
  • 9b2b725 docs: update README.md
  • 02d5182 refactor(Node.js)!: return Uint8Array (not a Buffer) from base64url.decode
  • 66a304a chore: unleash prettier on tsconfig files
  • 6498b30 build: update base lib
  • 2742ed4 test(deno): use npm-installed qunit over CDN distro
  • 1836684 refactor!: Browser distribution is now built using ES2020 as a target
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 1, 2023
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/Frontend/jose-5.0.1 branch 2 times, most recently from 8160f77 to 19bcb1b Compare November 1, 2023 21:35
@dependabot
Bump jose from 4.14.6 to 5.0.1 in /Frontend
9f1a19a 
Bumps [jose](https://github.com/panva/jose) from 4.14.6 to 5.0.1.
- [Release notes](https://github.com/panva/jose/releases)
- [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md)
- [Commits](panva/jose@v4.14.6...v5.0.1)

---
updated-dependencies:
- dependency-name: jose
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/Frontend/jose-5.0.1 branch from 19bcb1b to 9f1a19a Compare November 1, 2023 21:57
@FinnIckler FinnIckler merged commit e30ab95 into main Nov 1, 2023
1 check passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/Frontend/jose-5.0.1 branch November 1, 2023 22:05
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
No open projects
WST Project Management
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@FinnIckler