jose
Advanced tools
Changelog
5.0.0 (2023-10-25)
⚠ BREAKING CHANGES
- Node.js: return Uint8Array (not a Buffer) from base64url.decode
- Browser distribution is now built using ES2020 as a target
- Node.js distribution is now built using ES2022 as a target
- types: jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload)
- PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use.
- importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present.
- End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, and 21 and future releases are the ones that remain supported.
- The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation.
Features
- add Date as valid input to timestamp setting functions (bd830a4)
- default to an empty payload in JWT producing constructors (98d6ca1)
- types: add optional Generics for JWT verify and decrypt (61bd2a0), closes #568
Reverts
- Revert "test: fix test under lts/erbium" (b64b6c7)
Refactor
- Browser distribution is now built using ES2020 as a target (1836684)
- drop support for EOL Node.js versions (b5aee54)
- importJWK always returns a Uint8Array for symmetric key inputs (163e1b0)
- Node.js distribution is now built using ES2022 as a target (239697a)
- Node.js: return Uint8Array (not a Buffer) from base64url.decode (02d5182)
- PBES2 Algorithms require explicit opt-in during verification (e2da031)
- remove support for JWE "zip" (Compression Algorithm) Header Parameter (16998b1)
- types: rename type parameters for the KeyLike returns (eddd400)
- update allow list error messages (fe8114c)