Skip to content

chore(deps): bump jose from 2.0.3 to 4.8.3#51

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/jose-4.8.3
Closed

chore(deps): bump jose from 2.0.3 to 4.8.3#51
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/jose-4.8.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2022

Copy link
Copy Markdown

Bumps jose from 2.0.3 to 4.8.3.

Release notes

Sourced from jose's releases.

v4.8.3

This release contains only code refactoring and documentation updates.

v4.8.1

Fixes

  • typescript: add types export for nodenext module resolution (#406) (5a6d8f0)

v4.8.0

Features

  • add "worker" export in package.json (#400) (c58c80a)
  • optional headers options for createRemoteJWKSet (#397) (b4612f5)

v4.7.0

Features

  • add createRemoteJWKSet cacheMaxAge option (5017d95), closes #394

v4.6.2

Fixes

  • dont check JWT iat is in the past unless maxTokenAge is used (96d85c7)

v4.6.1

This release contains only code refactoring and documentation updates.

v4.6.0

Features

  • mark APIs and parameters that can lead to footguns as deprecated (0ddbcc6)
  • types: include JSDoc in the types (74187a9)

v4.5.3

Fixes

  • web api runtime: rely on default fetch init values (df6d966)

v4.5.2

Fixes

  • decrypting empty ciphertext compact JWEs (#374) (95fe597)

v4.5.1

Fixes

  • typescript: allow synchronous get key functions (7c99153)

v4.5.0

Features

... (truncated)

Changelog

Sourced from jose's changelog.

4.8.3 (2022-06-29)

4.8.1 (2022-05-02)

Fixes

  • typescript: add types export for nodenext module resolution (#406) (5a6d8f0)

4.8.0 (2022-04-26)

Features

  • add "worker" export in package.json (#400) (c58c80a)
  • optional headers options for createRemoteJWKSet (#397) (b4612f5)

4.7.0 (2022-04-21)

Features

  • add createRemoteJWKSet cacheMaxAge option (5017d95), closes #394

4.6.2 (2022-04-19)

Fixes

  • dont check JWT iat is in the past unless maxTokenAge is used (96d85c7)

4.6.1 (2022-04-11)

4.6.0 (2022-03-06)

Features

  • mark APIs and parameters that can lead to footguns as deprecated (0ddbcc6)
  • types: include JSDoc in the types (74187a9)

4.5.3 (2022-03-05)

Fixes

  • web api runtime: rely on default fetch init values (df6d966)

4.5.2 (2022-03-04)

... (truncated)

Commits
  • 7b5fe53 chore(release): 4.8.3
  • af2b2e2 build: remove @​types/web
  • ddf6677 build: use a package-lock.json lockfile
  • c48c742 build: lock typedoc semver minor
  • 06b5760 docs: update key export descriptions
  • 5266f6e chore: prettier
  • c8d0bc1 chore: dont use npx in scripts
  • e06b97c refactor: remove node use of NODE-ED* algorithms
  • 15c9971 docs: restore docs/README.md
  • b656fc7 docs: update typedoc, re-run generate
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump jose from 2.0.3 to 4.8.3
ea77f0a 
Bumps [jose](https://github.com/panva/jose) from 2.0.3 to 4.8.3.
- [Release notes](https://github.com/panva/jose/releases)
- [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md)
- [Commits](panva/jose@v2.0.3...v4.8.3)

---
updated-dependencies:
- dependency-name: jose
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 1, 2022
@dependabot dependabot Bot requested a review from Romakita July 1, 2022 13:42
@dependabot dependabot Bot mentioned this pull request Jul 1, 2022
Closed
@dependabot @github

dependabot Bot commented on behalf of github Sep 1, 2022

Copy link
Copy Markdown
Author

Superseded by #52.

@dependabot dependabot Bot closed this Sep 1, 2022
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/jose-4.8.3 branch September 1, 2022 13:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Romakita Romakita Awaiting requested review from Romakita

Assignees

@Romakita Romakita

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Romakita