From 9443c8cb9ce630ba9ae1161282e866bb38246cf9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Oct 2023 21:21:52 +0000 Subject: [PATCH] fix(deps): update dependency jose to v5 (#281) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jose](https://github.com/panva/jose) | [`^4.13.1` -> `^5.0.0`](https://renovatebot.com/diffs/npm/jose/4.13.2/5.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jose/5.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jose/5.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jose/4.13.2/5.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jose/4.13.2/5.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
panva/jose (jose) ### [`v5.0.1`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#501-2023-10-25) [Compare Source](https://github.com/panva/jose/compare/v5.0.0...v5.0.1) ##### Fixes - also use ES2020 in the CDN bundles ([8c4d390](https://github.com/panva/jose/commit/8c4d3909db56f2d62cf2bf413e8343c0fdd2b92f)) ### [`v5.0.0`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#500-2023-10-25) [Compare Source](https://github.com/panva/jose/compare/v4.15.4...v5.0.0) ##### ⚠ BREAKING CHANGES - **Node.js:** return Uint8Array (not a Buffer) from base64url.decode - Browser distribution is now built using ES2020 as a target - Node.js distribution is now built using ES2022 as a target - **types:** jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload) - PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use. - importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present. - End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, and 21 and future releases are the ones that remain supported. - The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation. ##### Features - add Date as valid input to timestamp setting functions ([bd830a4](https://github.com/panva/jose/commit/bd830a47979912d4c0775d01a05584c2aa9f0dcd)) - default to an empty payload in JWT producing constructors ([98d6ca1](https://github.com/panva/jose/commit/98d6ca12c448697ed6342b1230b351eb5bfa0df8)) - **types:** add optional Generics for JWT verify and decrypt ([61bd2a0](https://github.com/panva/jose/commit/61bd2a0adb638c1c2469459d78556a99cec697c7)), closes [#​568](https://github.com/panva/jose/issues/568) ##### Reverts - Revert "test: fix test under lts/erbium" ([b64b6c7](https://github.com/panva/jose/commit/b64b6c731c3e2d0e6751e0221804af08d7015bfa)) ##### Refactor - Browser distribution is now built using ES2020 as a target ([1836684](https://github.com/panva/jose/commit/18366840e1ae557b951fe921c5004b17ad56e972)) - drop support for EOL Node.js versions ([b5aee54](https://github.com/panva/jose/commit/b5aee542fb5995dd29e012011f832ce8dfd24e29)) - importJWK always returns a Uint8Array for symmetric key inputs ([163e1b0](https://github.com/panva/jose/commit/163e1b02ed5b64368110d750c9f5f5c3d247042d)) - Node.js distribution is now built using ES2022 as a target ([239697a](https://github.com/panva/jose/commit/239697a17d048b8eb2120d29adff7f98edc0f26e)) - **Node.js:** return Uint8Array (not a Buffer) from base64url.decode ([02d5182](https://github.com/panva/jose/commit/02d51827e24195d650cf83de100ae16cd8b0599e)) - PBES2 Algorithms require explicit opt-in during verification ([e2da031](https://github.com/panva/jose/commit/e2da031381b7c5327ea9a0ccf58f059fa8af7e92)) - remove support for JWE "zip" (Compression Algorithm) Header Parameter ([16998b1](https://github.com/panva/jose/commit/16998b15c75d90b64eb5b0fa0713cfdfa7896757)) - **types:** rename type parameters for the KeyLike returns ([eddd400](https://github.com/panva/jose/commit/eddd400235e84e3d84c1a8471b01915a12d3d866)) - update allow list error messages ([fe8114c](https://github.com/panva/jose/commit/fe8114c82646f2468857effb934f39dd7bc75902)) ### [`v4.15.4`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4154-2023-10-14) [Compare Source](https://github.com/panva/jose/compare/v4.15.3...v4.15.4) ##### Fixes - **types:** export GetKeyFunction ([#​592](https://github.com/panva/jose/issues/592)) ([936c9df](https://github.com/panva/jose/commit/936c9dff2bc124dc5f64906a96f665a28e57392c)), closes [#​591](https://github.com/panva/jose/issues/591) ### [`v4.15.3`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4153-2023-10-11) [Compare Source](https://github.com/panva/jose/compare/v4.15.2...v4.15.3) ### [`v4.15.2`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4152-2023-10-04) [Compare Source](https://github.com/panva/jose/compare/v4.15.1...v4.15.2) ##### Fixes - **build:** add a node target for jose-browser-runtime releases ([abb63d0](https://github.com/panva/jose/commit/abb63d0e8e7a55326dc343eec5f5eee9addc1dcf)) ### [`v4.15.1`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4151-2023-10-02) [Compare Source](https://github.com/panva/jose/compare/v4.15.0...v4.15.1) ##### Fixes - resolve missing types for the cryptoRuntime const ([1627965](https://github.com/panva/jose/commit/16279652a67133fba0db7c9879767f000a8f1662)) ### [`v4.15.0`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4150-2023-10-02) [Compare Source](https://github.com/panva/jose/compare/v4.14.6...v4.15.0) ##### Features - export the used crypto runtime as a constant ([0681dda](https://github.com/panva/jose/commit/0681dda1592a82c22a18981002b3763c502d0fc4)) ### [`v4.14.6`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4146-2023-09-04) [Compare Source](https://github.com/panva/jose/compare/v4.14.5...v4.14.6) ##### Fixes - **build:** publish bundle and umd files with jose-browser-runtime module ([62fcbcc](https://github.com/panva/jose/commit/62fcbcc2170db00f5bbfc817839523dbf970239f)), closes [#​571](https://github.com/panva/jose/issues/571) ### [`v4.14.5`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4145-2023-09-02) [Compare Source](https://github.com/panva/jose/compare/v4.14.4...v4.14.5) ##### Refactor - catch type error when decoding base64url signature ([#​569](https://github.com/panva/jose/issues/569)) ([935e920](https://github.com/panva/jose/commit/935e920d29d242e0446d365b1e4f0449d144c23c)) - catch type errors when decoding various base64url strings ([9024e87](https://github.com/panva/jose/commit/9024e870ece4ef121205dadc733c36d7978b97ab)) ### [`v4.14.4`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4144-2023-04-30) [Compare Source](https://github.com/panva/jose/compare/v4.14.3...v4.14.4) ##### Refactor - cleanup NODE-ED25519 workerd workarounds ([072e83d](https://github.com/panva/jose/commit/072e83de5bf3a15775b0bf25ef8afa8851b8862d)) ### [`v4.14.3`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4143-2023-04-27) [Compare Source](https://github.com/panva/jose/compare/v4.14.2...v4.14.3) ##### Reverts - Revert "fix(types): headers and payloads may only be JSON values and primitives" ([06d8101](https://github.com/panva/jose/commit/06d8101a5827a69bb25c2847b1a10d03f015db03)), closes [#​534](https://github.com/panva/jose/issues/534) ### [`v4.14.2`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4142-2023-04-26) [Compare Source](https://github.com/panva/jose/compare/v4.14.1...v4.14.2) ##### Fixes - **types:** headers and payloads may only be JSON values and primitives ([24f306e](https://github.com/panva/jose/commit/24f306e7f33485daaba1e250dfc97b5f621079ad)) ### [`v4.14.1`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4141-2023-04-20) [Compare Source](https://github.com/panva/jose/compare/v4.14.0...v4.14.1) ### [`v4.14.0`](https://github.com/panva/jose/blob/HEAD/CHANGELOG.md#4140-2023-04-14) [Compare Source](https://github.com/panva/jose/compare/v4.13.2...v4.14.0) ##### Features - add requiredClaims JWT validation option ([eeea91d](https://github.com/panva/jose/commit/eeea91df48cadda84e4fdce6bbba7251ca7af83f))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/creatorsgarten/contentsgarten). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- packages/contentsgarten/package.json | 2 +- pnpm-lock.yaml | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/packages/contentsgarten/package.json b/packages/contentsgarten/package.json index 2dd52223..10ddd01c 100644 --- a/packages/contentsgarten/package.json +++ b/packages/contentsgarten/package.json @@ -39,7 +39,7 @@ "axios": "^1.3.4", "expiry-map": "^2.0.0", "gray-matter": "^4.0.3", - "jose": "^4.13.1", + "jose": "^5.0.0", "js-yaml": "^4.1.0", "json-buffer": "^3.0.1", "keyv": "^4.5.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e0869a57..39b4b91c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -199,8 +199,8 @@ importers: specifier: ^4.0.3 version: 4.0.3 jose: - specifier: ^4.13.1 - version: 4.13.2 + specifier: ^5.0.0 + version: 5.0.1 js-yaml: specifier: ^4.1.0 version: 4.1.0 @@ -3029,7 +3029,6 @@ packages: engines: {node: '>=6.9.0'} dependencies: regenerator-runtime: 0.14.0 - dev: false /@babel/template@7.20.7: resolution: {integrity: sha512-8SegXApWe6VoNw0r9JHpSteLKTpTiLZ4rMlGIm9JQ18KiCtyQiAMEazujAHrUS5flrcqYZa75ukev3P6QmUwUw==} @@ -11699,8 +11698,8 @@ packages: '@sideway/formula': 3.0.1 '@sideway/pinpoint': 2.0.0 - /jose@4.13.2: - resolution: {integrity: sha512-GMUKtV+l05F6NY/06nM7rucHM6Ktvw6sxnyRqINBNWS/hCM/bBk7kanOEckRP8xtC/jzuGfTRVZvkjjuy+g4dA==} + /jose@5.0.1: + resolution: {integrity: sha512-gRVzy7s3RRdGbXmcTdlOswJOjhwPLx1ijIgAqLY6ktzFpOJxxYn4l0fC2vHaHHi4YBX/5FOL3aY+6W0cvQgpug==} dev: false /joycon@3.1.1: @@ -12611,7 +12610,7 @@ packages: /metro-runtime@0.73.10: resolution: {integrity: sha512-EpVKm4eN0Fgx2PEWpJ5NiMArV8zVoOin866jIIvzFLpmkZz1UEqgjf2JAfUJnjgv3fjSV3JqeGG2vZCaGQBTow==} dependencies: - '@babel/runtime': 7.23.1 + '@babel/runtime': 7.23.2 react-refresh: 0.4.3 /metro-source-map@0.73.10: