[Snyk] Upgrade jose from 5.3.0 to 6.1.3#286
Closed
nerdy-tech-com-gitub wants to merge 2 commits intomainfrom
Closed
[Snyk] Upgrade jose from 5.3.0 to 6.1.3#286nerdy-tech-com-gitub wants to merge 2 commits intomainfrom
nerdy-tech-com-gitub wants to merge 2 commits intomainfrom
Conversation
Snyk has created this PR to upgrade jose from 5.3.0 to 6.1.3. See this package in npm: jose See this project in Snyk: https://app.snyk.io/org/nerds-github/project/00eaf84d-a05e-4e1a-923e-697960352bb8?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade jose from 5.3.0 to 6.1.3. See this package in npm: jose See this project in Snyk: https://app.snyk.io/org/nerds-github/project/00eaf84d-a05e-4e1a-923e-697960352bb8?utm_source=github&utm_medium=referral&page=upgrade-pr
nerdy-tech-com-gitub
deleted the
snyk-upgrade-e8ba73e56265af6597acb5962c6e1549
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade jose from 5.3.0 to 6.1.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 35 versions ahead of your current version.
The recommended version was released 2 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-CROSSSPAWN-8303230
SNYK-JS-GLOB-14040952
SNYK-JS-UNDICI-8641354
SNYK-JS-OCTOKITENDPOINT-8730856
SNYK-JS-OCTOKITPLUGINPAGINATEREST-8730855
SNYK-JS-OCTOKITREQUEST-8730853
SNYK-JS-OCTOKITREQUESTERROR-8730854
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-UNDICI-10176064
Release notes
Package name: jose
-
6.1.3 - 2025-12-02
- avoid export * as for google closure's compiler sake (6303d98), closes #832
-
6.1.2 - 2025-11-15
- fallback to checking instanceof for CryptoKey (901cd90), closes #765 #803 #821 #827 #828
-
6.1.1 - 2025-11-09
- add link to RFC9864 (767edde)
- link to ML-DSA for JOSE (ed4252c)
- remove mention of Edge Runtime from the readme (94fdde7)
- update README.md (25098ef)
- eliminate named exports in the source code (f6ae30d)
- expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
- faster path for symmetric key checks (a44c2ec)
- improve en/decoding overheads (daee426)
-
6.1.0 - 2025-08-27
- support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
- support for the ML-DSA PQC Algorithm Identifiers (25ddce4)
-
6.0.13 - 2025-08-21
- more readability in ecdhes.ts (84da9de)
- update asn1.ts helpers (b4f8fb3)
-
6.0.12 - 2025-07-15
- add known caveats to customFetch (02e1f1e)
- mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
- update compact setKeyManagementParameters (2f44381)
- use GitHub Flavored Markdown for notes and warnings (f6b4ffc)
- createPublicKey is not a constructor (61ded78)
- update asn1.ts helper functions (b2b611c)
-
6.0.11 - 2025-05-05
- typ checking edge-cases when it contains a slash (/) character (31e4baf)
-
6.0.10 - 2025-03-12
- removed unused claims methods (74719cf)
- reorganize jwt claim set utils (1f12d88)
-
6.0.9 - 2025-03-11
- add more symbol document, ignore ts-private fields (8b73687)
- bump typedoc (6163a8b)
- drop cdnjs links in README (a910038)
- drop denoland/x links in README and add jsr (3662b9e)
- fix key export links from docs/README.md (c8edfc2)
- always assume structuredClone is present (f7898a9)
- hide internal private fields and drop ProduceJWT inheritance (ab18881)
- less objects when JWE JWT Replicated Header Parameters are used (c763a0e)
-
6.0.8 - 2025-02-26
- export [customFetch] symbol from the default entrypoint (1615614), closes #762
-
6.0.7 - 2025-02-25
-
6.0.6 - 2025-02-23
-
6.0.5 - 2025-02-23
-
6.0.4 - 2025-02-22
-
6.0.3 - 2025-02-22
-
6.0.2 - 2025-02-22
-
6.0.1 - 2025-02-22
-
6.0.0 - 2025-02-22
-
5.10.0 - 2025-02-17
-
5.9.6 - 2024-10-20
-
5.9.5 - 2024-10-20
-
5.9.4 - 2024-10-11
-
5.9.3 - 2024-09-22
-
5.9.2 - 2024-09-14
-
5.9.1 - 2024-09-13
-
5.9.0 - 2024-09-13
-
5.8.0 - 2024-08-26
-
5.7.0 - 2024-08-19
-
5.6.3 - 2024-07-03
-
5.6.2 - 2024-06-27
-
5.6.1 - 2024-06-27
-
5.6.0 - 2024-06-27
-
5.5.0 - 2024-06-26
-
5.4.1 - 2024-06-18
-
5.4.0 - 2024-06-03
-
5.3.0 - 2024-05-10
from jose GitHub release notesRefactor
Refactor
Documentation
Refactor
Features
Refactor
Documentation
Refactor
Fixes
Refactor
Documentation
Refactor
Fixes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: