Bump jose from 4.11.0 to 4.15.5 in /examples/users-api by dependabot[bot] · Pull Request #749 · auth0/auth0-react

dependabot · 2024-03-07T17:55:39Z

Bumps jose from 4.11.0 to 4.15.5.

Release notes

v4.15.5

Fixes

add a maxOutputLength option to zlib inflate (1b91d88), fixes CVE-2024-28176

v4.15.4

Fixes

types: export GetKeyFunction (#592) (936c9df), closes #591

v4.15.3

This release contains only Node.js CITGM related test updates.

Fixes nodejs/citgm#1011

v4.15.2

Fixes

build: add a node target for jose-browser-runtime releases (abb63d0)

v4.15.1

Fixes

resolve missing types for the cryptoRuntime const (1627965)

v4.15.0

Features

export the used crypto runtime as a constant (0681dda)

v4.14.6

Fixes

build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

v4.14.5

Refactor

catch type error when decoding base64url signature (#569) (935e920)

catch type errors when decoding various base64url strings (9024e87)

v4.14.4

Refactor

cleanup NODE-ED25519 workerd workarounds (072e83d)

v4.14.3

Reverts

Revert "fix(types): headers and payloads may only be JSON values and primitives" (06d8101), closes #534

... (truncated)

Changelog

Sourced from jose's changelog.

4.15.5 (2024-03-07)

Fixes

add a maxOutputLength option to zlib inflate (1b91d88)

4.15.4 (2023-10-14)

Fixes

types: export GetKeyFunction (#592) (936c9df), closes #591

4.15.3 (2023-10-11)

4.15.2 (2023-10-04)

Fixes

build: add a node target for jose-browser-runtime releases (abb63d0)

4.15.1 (2023-10-02)

Fixes

resolve missing types for the cryptoRuntime const (1627965)

4.15.0 (2023-10-02)

Features

export the used crypto runtime as a constant (0681dda)

4.14.6 (2023-09-04)

Fixes

build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

4.14.5 (2023-09-02)

Refactor

catch type error when decoding base64url signature (#569) (935e920)

... (truncated)

Commits

765aafd chore(release): 4.15.5
b36e45e test: add export check to x509 pem import tests
e839ecb test: stop testing JWE RSA1_5 Algorithm
1b91d88 fix: add a maxOutputLength option to zlib inflate
9ca2b24 build: remove release action
f3035d8 chore: cleanup after release
f0bb220 chore(release): 4.15.4
6f38554 chore: bump dev deps
936c9df fix(types): export GetKeyFunction (#592)
5ac6619 chore: bump dev deps
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by panva, a new releaser for jose since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

nandan-bhat · 2024-06-18T10:13:04Z

@dependabot recreate

Bumps [jose](https://github.com/panva/jose) from 4.11.0 to 4.15.5. - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/v4.15.5/CHANGELOG.md) - [Commits](panva/jose@v4.11.0...v4.15.5) --- updated-dependencies: - dependency-name: jose dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

nandan-bhat · 2024-06-21T14:30:34Z

@dependabot recreate

…ose-4.15.5

**Added** - Feature/react19 [\#824](#824) ([tusharpandey13](https://github.com/tusharpandey13)) - Add ReversingLabs Workflow (Don't Merge) [\#782](#782) ([developerkunal](https://github.com/developerkunal)) **Changed** - Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](#761) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](#757) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ts-jest from 29.1.1 to 29.1.5 [\#766](#766) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump cypress from 13.6.1 to 13.12.0 [\#770](#770) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump braces from 3.0.2 to 3.0.3 [\#773](#773) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/jest from 29.5.11 to 29.5.12 [\#750](#750) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/react from 18.2.45 to 18.2.64 [\#747](#747) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](#715) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump typedoc from 0.25.4 to 0.25.7 [\#713](#713) ([dependabot[bot]](https://github.com/apps/dependabot)) **Fixed** - ci: changed pull_request_target to pull_request and removed the authorize step [\#796](#796) ([desusai7](https://github.com/desusai7)) - Update codeowner file with new GitHub team name [\#790](#790) ([stevenwong-okta](https://github.com/stevenwong-okta)) - Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](#749) ([dependabot[bot]](https://github.com/apps/dependabot)) - Workaround for failing "integration test (CRA)" [\#769](#769) ([nandan-bhat](https://github.com/nandan-bhat)) **Security** - Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](#736) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](#754) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](#752) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ws from 7.5.9 to 7.5.10 [\#768](#768) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](#720) ([dependabot[bot]](https://github.com/apps/dependabot))

**Added** - Release v2.3.0 [\#825](#825) ([tusharpandey13](https://github.com/tusharpandey13)) - Feature/react19 [\#824](#824) ([tusharpandey13](https://github.com/tusharpandey13)) - Add ReversingLabs Workflow (Don't Merge) [\#782](#782) ([developerkunal](https://github.com/developerkunal)) **Changed** - ci: changed pull_request_target to pull_request and removed the authorize step [\#796](#796) ([desusai7](https://github.com/desusai7)) - Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](#757) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ts-jest from 29.1.1 to 29.1.5 [\#766](#766) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump cypress from 13.6.1 to 13.12.0 [\#770](#770) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/jest from 29.5.11 to 29.5.12 [\#750](#750) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/react from 18.2.45 to 18.2.64 [\#747](#747) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](#715) ([dependabot[bot]](https://github.com/apps/dependabot)) **Fixed** - fix npm release workflow [\#826](#826) ([tusharpandey13](https://github.com/tusharpandey13)) - Update codeowner file with new GitHub team name [\#790](#790) ([stevenwong-okta](https://github.com/stevenwong-okta)) - Workaround for failing "integration test (CRA)" [\#769](#769) ([nandan-bhat](https://github.com/nandan-bhat)) **Removed** - Revert "Release v2.3.0" [\#827](#827) ([tusharpandey13](https://github.com/tusharpandey13)) **Security** - Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](#736) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](#761) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](#749) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](#754) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](#752) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ws from 7.5.9 to 7.5.10 [\#768](#768) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump braces from 3.0.2 to 3.0.3 [\#773](#773) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](#720) ([dependabot[bot]](https://github.com/apps/dependabot))

**Added** - Feature/react19 [\#824](auth0/auth0-react#824) ([tusharpandey13](https://github.com/tusharpandey13)) - Add ReversingLabs Workflow (Don't Merge) [\#782](auth0/auth0-react#782) ([developerkunal](https://github.com/developerkunal)) **Changed** - Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](auth0/auth0-react#761) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](auth0/auth0-react#757) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ts-jest from 29.1.1 to 29.1.5 [\#766](auth0/auth0-react#766) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump cypress from 13.6.1 to 13.12.0 [\#770](auth0/auth0-react#770) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump braces from 3.0.2 to 3.0.3 [\#773](auth0/auth0-react#773) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/jest from 29.5.11 to 29.5.12 [\#750](auth0/auth0-react#750) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/react from 18.2.45 to 18.2.64 [\#747](auth0/auth0-react#747) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](auth0/auth0-react#715) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump typedoc from 0.25.4 to 0.25.7 [\#713](auth0/auth0-react#713) ([dependabot[bot]](https://github.com/apps/dependabot)) **Fixed** - ci: changed pull_request_target to pull_request and removed the authorize step [\#796](auth0/auth0-react#796) ([desusai7](https://github.com/desusai7)) - Update codeowner file with new GitHub team name [\#790](auth0/auth0-react#790) ([stevenwong-okta](https://github.com/stevenwong-okta)) - Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](auth0/auth0-react#749) ([dependabot[bot]](https://github.com/apps/dependabot)) - Workaround for failing "integration test (CRA)" [\#769](auth0/auth0-react#769) ([nandan-bhat](https://github.com/nandan-bhat)) **Security** - Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](auth0/auth0-react#736) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](auth0/auth0-react#754) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](auth0/auth0-react#752) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ws from 7.5.9 to 7.5.10 [\#768](auth0/auth0-react#768) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](auth0/auth0-react#720) ([dependabot[bot]](https://github.com/apps/dependabot))

**Added** - Release v2.3.0 [\#825](auth0/auth0-react#825) ([tusharpandey13](https://github.com/tusharpandey13)) - Feature/react19 [\#824](auth0/auth0-react#824) ([tusharpandey13](https://github.com/tusharpandey13)) - Add ReversingLabs Workflow (Don't Merge) [\#782](auth0/auth0-react#782) ([developerkunal](https://github.com/developerkunal)) **Changed** - ci: changed pull_request_target to pull_request and removed the authorize step [\#796](auth0/auth0-react#796) ([desusai7](https://github.com/desusai7)) - Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](auth0/auth0-react#757) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ts-jest from 29.1.1 to 29.1.5 [\#766](auth0/auth0-react#766) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump cypress from 13.6.1 to 13.12.0 [\#770](auth0/auth0-react#770) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/jest from 29.5.11 to 29.5.12 [\#750](auth0/auth0-react#750) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/react from 18.2.45 to 18.2.64 [\#747](auth0/auth0-react#747) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](auth0/auth0-react#715) ([dependabot[bot]](https://github.com/apps/dependabot)) **Fixed** - fix npm release workflow [\#826](auth0/auth0-react#826) ([tusharpandey13](https://github.com/tusharpandey13)) - Update codeowner file with new GitHub team name [\#790](auth0/auth0-react#790) ([stevenwong-okta](https://github.com/stevenwong-okta)) - Workaround for failing "integration test (CRA)" [\#769](auth0/auth0-react#769) ([nandan-bhat](https://github.com/nandan-bhat)) **Removed** - Revert "Release v2.3.0" [\#827](auth0/auth0-react#827) ([tusharpandey13](https://github.com/tusharpandey13)) **Security** - Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](auth0/auth0-react#736) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](auth0/auth0-react#761) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](auth0/auth0-react#749) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](auth0/auth0-react#754) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](auth0/auth0-react#752) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ws from 7.5.9 to 7.5.10 [\#768](auth0/auth0-react#768) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump braces from 3.0.2 to 3.0.3 [\#773](auth0/auth0-react#773) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](auth0/auth0-react#720) ([dependabot[bot]](https://github.com/apps/dependabot))

dependabot bot requested a review from a team as a code owner March 7, 2024 17:55

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 7, 2024

dependabot bot temporarily deployed to internal March 7, 2024 17:55 Inactive

dependabot bot force-pushed the dependabot/npm_and_yarn/examples/users-api/jose-4.15.5 branch from 28e0303 to 5a7d6b2 Compare June 18, 2024 10:13

dependabot bot temporarily deployed to internal June 18, 2024 10:13 Inactive

dependabot bot temporarily deployed to internal June 21, 2024 14:31 Inactive

nandan-bhat approved these changes Jun 21, 2024

View reviewed changes

Merge branch 'main' into dependabot/npm_and_yarn/examples/users-api/j…

c39b806

…ose-4.15.5

nandan-bhat temporarily deployed to internal June 21, 2024 14:32 — with GitHub Actions Inactive

nandan-bhat temporarily deployed to internal June 21, 2024 14:33 — with GitHub Actions Inactive

nandan-bhat merged commit 235e74e into main Jun 21, 2024

nandan-bhat deleted the dependabot/npm_and_yarn/examples/users-api/jose-4.15.5 branch June 21, 2024 14:38

tusharpandey13 mentioned this pull request Jan 21, 2025

Release v2.3.0 #825

Merged

tusharpandey13 mentioned this pull request Jan 21, 2025

Release v2.3.0 #828

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump jose from 4.11.0 to 4.15.5 in /examples/users-api#749

Bump jose from 4.11.0 to 4.15.5 in /examples/users-api#749
nandan-bhat merged 2 commits intomainfrom
dependabot/npm_and_yarn/examples/users-api/jose-4.15.5

dependabot bot commented on behalf of github Mar 7, 2024 •

edited

Loading

Uh oh!

nandan-bhat commented Jun 18, 2024

Uh oh!

nandan-bhat commented Jun 21, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.15.5

Fixes

v4.15.4

Fixes

v4.15.3

v4.15.2

Fixes

v4.15.1

Fixes

v4.15.0

Features

v4.14.6

Fixes

v4.14.5

Refactor

v4.14.4

Refactor

v4.14.3

Reverts

4.15.5 (2024-03-07)

Fixes

4.15.4 (2023-10-14)

Fixes

4.15.3 (2023-10-11)

4.15.2 (2023-10-04)

Fixes

4.15.1 (2023-10-02)

Fixes

4.15.0 (2023-10-02)

Features

4.14.6 (2023-09-04)

Fixes

4.14.5 (2023-09-02)

Refactor

Uh oh!

nandan-bhat commented Jun 18, 2024

Uh oh!

nandan-bhat commented Jun 21, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Mar 7, 2024 •

edited

Loading