Skip to content

Releases: panva/jose

v5.0.1

25 Oct 16:38
Compare
Choose a tag to compare

Fixes

  • also use ES2020 in the CDN bundles (8c4d390)

v5.0.0

25 Oct 16:08
Compare
Choose a tag to compare

⚠ BREAKING CHANGES

  • Node.js: return Uint8Array (not a Buffer) from base64url.decode
  • Browser distribution is now built using ES2020 as a target
  • Node.js distribution is now built using ES2022 as a target
  • types: jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload)
  • PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use.
  • importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present.
  • End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, 21, and future releases are the ones that remain supported.
  • The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation.

Features

  • add Date as valid input to timestamp setting functions (bd830a4)
  • default to an empty payload in JWT producing constructors (98d6ca1)
  • types: add optional Generics for JWT verify and decrypt (61bd2a0), closes #568

Reverts

  • Revert "test: fix test under lts/erbium" (b64b6c7)

Refactor

  • Browser distribution is now built using ES2020 as a target (1836684)
  • drop support for EOL Node.js versions (b5aee54)
  • importJWK always returns a Uint8Array for symmetric key inputs (163e1b0)
  • Node.js distribution is now built using ES2022 as a target (239697a)
  • Node.js: return Uint8Array (not a Buffer) from base64url.decode (02d5182)
  • PBES2 Algorithms require explicit opt-in during verification (e2da031)
  • remove support for JWE "zip" (Compression Algorithm) Header Parameter (16998b1)
  • types: rename type parameters for the KeyLike returns (eddd400)
  • update allow list error messages (fe8114c)

v4.15.4

14 Oct 15:13
Compare
Choose a tag to compare

Fixes

v4.15.3

11 Oct 18:46
Compare
Choose a tag to compare

This release contains only Node.js CITGM related test updates.

Fixes nodejs/citgm#1011

v4.15.2

04 Oct 12:21
Compare
Choose a tag to compare

Fixes

  • build: add a node target for jose-browser-runtime releases (abb63d0)

v4.15.1

02 Oct 13:28
Compare
Choose a tag to compare

Fixes

  • resolve missing types for the cryptoRuntime const (1627965)

v4.15.0

02 Oct 13:06
Compare
Choose a tag to compare

Features

  • export the used crypto runtime as a constant (0681dda)

v4.14.6

04 Sep 14:31
Compare
Choose a tag to compare

Fixes

  • build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

v4.14.5

02 Sep 17:39
Compare
Choose a tag to compare

Refactor

  • catch type error when decoding base64url signature (#569) (935e920)
  • catch type errors when decoding various base64url strings (9024e87)

v4.14.4

30 Apr 06:07
Compare
Choose a tag to compare

Refactor

  • cleanup NODE-ED25519 workerd workarounds (072e83d)