Skip to content

fix(deps): update dependency jose to v6 (5.x) #829

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 25, 2025
Merged

fix(deps): update dependency jose to v6 (5.x) #829

merged 2 commits into from
Feb 25, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 24, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
jose 5.10.0 -> 6.0.6 age adoption passing confidence

Release Notes

panva/jose (jose)

v6.0.6

Compare Source

Refactor
Documentation
  • add various exported symbol descriptions (3b8ff71)
  • add various exported symbol descriptions (fc4e7da)
  • add various exported symbol descriptions (74f02c8)
  • update base64url function descriptions (03d72c8)

v6.0.5

Compare Source

Refactor
Documentation
  • add various exported symbol descriptions (f52c2ff)

v6.0.4

Compare Source

Refactor
  • optimize base64 with tc39/proposal-arraybuffer-base64 (8a0da69), closes #​752
  • update getSPKI to use crypto.createPublicKey when available (92392a0), closes #​752
  • use Double HMAC pattern for AES-CBC tag comparison (f3ba4c7), closes #​752

v6.0.3

Compare Source

Documentation
  • remove root module tag so that README.md shows up on jsr.io (ee70698)

v6.0.2

Compare Source

Documentation
  • add module tags to all entrypoints (a5687aa)

v6.0.1

Compare Source

Fixes
  • types: update build to include extensions in type imports (9b96672)

v6.0.0

Compare Source

⚠ BREAKING CHANGES
  • The PEMImportOptions type interface is renamed to KeyImportOptions.
  • all builds and bundles now use ES2022 as target
  • createRemoteJWKSet now uses fetch, because of that its Node.js only options.agent property has been removed and new fetch-related options were added
  • drop support for Ed448 and X448
  • drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey"
  • resolved keys returned as part of verify/decrypt operations (when get key functions are used) are always normalized to either Uint8Array / CryptoKey depending on what's more efficient for the executed operation
  • Key "Type" Generics are removed
  • CJS-style require is now only possible when require(esm) support is present in the Node.js runtime
  • private KeyObject instances can no longer be used for verify operations
  • private KeyObject instances can no longer be used for encryption operations
  • generateSecret, generateKeyPair, importPKCS8, importSPKI, importJWK, and importX509 now yield a CryptoKey instead of a KeyObject in Node.js
  • drop support for Node.js 18.x and earlier
  • runtime-specific npm releases (jose-browser-runtime, jose-node-cjs-runtime, and jose-node-esm-runtime) are no longer maintained or supported
  • removed secp256k1 JWS support
  • removed deprecated experimental APIs
  • removed RSA1_5 JWE support
Features
  • enable CryptoKey and KeyObject inputs in JWK thumbprint functions (6fc9c44)
  • JSON Web Key is now an allowed input everywhere (ebda967)
Refactor
  • always use infered CryptoKey (c4abaa2)
  • backport the Ed25519 JWS Algorithm Identifier support (7a94cb9)
  • drop support for Ed448 and X448 (2fae1c4)
  • drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey" (ef918be)
  • ensure export functions continue to work with KeyObject inputs (28e9e68)
  • hardcode the cryptoRuntime export since it is now always WebCryptoAPI (e00f273)
  • JWK import extractable default for public keys is now true (64dcebe)
  • PEM import extractable default for public keys is now true (4e9f114)
  • removed deprecated APIs (5352083)
  • removed secp256k1 JWS support (e2b58a5)
  • restructure src/lib and src/runtime now that runtime is fixed (9b236ce)
  • target is now ES2022 everywhere (aa590d5)
  • update importJWK args to align with other import functions (355a2dd)
  • WebCryptoAPI is now the only crypto used (161de46)

Configuration

📅 Schedule: Branch creation - "after 2pm on Monday" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions GitHub Actions
Copy link

This PR will trigger a patch release when merged.

@codecov Codecov
Copy link

codecov bot commented Feb 25, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (f7d3d64) to head (b128823).
Report is 3 commits behind head on 5.x.

Additional details and impacted files 
@@            Coverage Diff            @@
##               5.x      #829   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           50        50           
  Lines         4559      4559           
=========================================
  Hits          4559      4559

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@tripodsan tripodsan merged commit 03e3eb0 into 5.x Feb 25, 2025
7 checks passed
@tripodsan tripodsan deleted the renovate-5.x-major-external-major branch February 25, 2025 14:47
github-actions bot pushed a commit that referenced this pull request Feb 25, 2025
@semantic-release-bot
chore(release): 5.14.7 [skip ci]
d8050a3 
## [5.14.7](v5.14.6...v5.14.7) (2025-02-25)

### Bug Fixes

* **deps:** update dependency jose to v6 (5.x) ([#829](#829)) ([03e3eb0](03e3eb0))
@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 5.14.7 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released on @5.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tripodsan