chore(deps): bump jose from 4.15.4 to 5.2.0

[dependabot]

Bumps jose from 4.15.4 to 5.2.0.

Release notes

Sourced from jose's releases.

v5.2.0

Features

• extend JWT NumericDate setter syntax (ae363c3)

v5.1.3

Build

• add errors and base64url submodule exports (564412d)

v5.1.2

Fixes

• do not mutate JWTVerifyOptions.requiredClaims (1bf9cec), closes #610

v5.1.1

Refactor

• deprecate the RSA1_5 JWE Algorithm (f746da1)

v5.1.0

Features

• add payload generics to jose.decodeJwt (9de49e2), closes #604

v5.0.2

Fixes

• createRemoteJWKSet: ensure a default user-agent header is present (887dd3c), closes #600

v5.0.1

Fixes

• also use ES2020 in the CDN bundles (8c4d390)

v5.0.0

⚠ BREAKING CHANGES

• Node.js: return Uint8Array (not a Buffer) from base64url.decode
• Browser distribution is now built using ES2020 as a target
• Node.js distribution is now built using ES2022 as a target
• types: jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload)
• PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use.
• importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present.
• End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, 21, and future releases are the ones that remain supported.
• The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation.

Features

... (truncated)

Changelog

Sourced from jose's changelog.

5.2.0 (2023-12-24)

Features

• extend JWT NumericDate setter syntax (ae363c3)

5.1.3 (2023-11-30)

5.1.2 (2023-11-27)

Fixes

• do not mutate JWTVerifyOptions.requiredClaims (1bf9cec), closes #610

5.1.1 (2023-11-14)

Refactor

• deprecate the RSA1_5 JWE Algorithm (f746da1)

5.1.0 (2023-11-03)

Features

• add payload generics to jose.decodeJwt (9de49e2), closes #604

5.0.2 (2023-11-02)

Fixes

• createRemoteJWKSet: ensure a default user-agent header is present (887dd3c), closes #600

5.0.1 (2023-10-25)

Fixes

• also use ES2020 in the CDN bundles (8c4d390)

5.0.0 (2023-10-25)

⚠ BREAKING CHANGES

• Node.js: return Uint8Array (not a Buffer) from base64url.decode

... (truncated)

Commits

• 5878023 chore(release): 5.2.0
• 670491b docs: adds jsdocs to timestamp helpers (#619)
• ae363c3 feat: extend JWT NumericDate setter syntax
• c739a59 chore: cleanup after release
• fb53839 chore(release): 5.1.3
• 564412d build: add errors and base64url submodule exports
• 9bbe5fb chore: cleanup after release
• f0d7248 chore(release): 5.1.2
• 1bf9cec fix: do not mutate JWTVerifyOptions.requiredClaims
• b7b1e3a build(deps): bump dessant/lock-threads from 4.0.1 to 5.0.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)