Sourced from next-auth's releases.

[email protected]

Bugfixes

• providers: add normalizeIdentifier to EmailProvider (afb1fcda)
• ts: fix jsdoc link to documentation (#5039) (a21db895)
• avoid redirect on always public paths (#5000)

[email protected]

Bugfixes

• improve logger (#4970)

[email protected]

Bugfixes

• providers: migrate GitLab provider to TS (#4929) (2725d07e)
• providers: allow issuer in Azure AD B2C (042955ea)
• providers: typo in GitHub provider scope (#4938) (bb664a27)
• ts: remove TS workaround for withAuth (#4926) (46eedee3)
• ts: handleMiddleware return type can be NextMiddlewareResult (#4818) (8853000f)

Other

• ts: explicitly set next path in next-auth (fb60554a)
• revert type assertion
• add Thang to contributor (#4944)
• add TODO comment for next major version

[email protected]

Features

• providers: Add Wikimedia Oauth Provider (#4813) (c22d613)
• providers: add Duende IdentityServer 6 (#4850) (3c210d9)

Bugfixes

• middleware: allow secret as option in Middleware (#4846) (c59a4e0)
• providers: fix VK provider and convert to TS (#3709) (cdf467e)
• ts: use correct type for nodemailer config in the EmailProvider (#4097) (1b91282)
• ts: typo in Azure Active Directory Provider (#4895) (af3c2dd)
• ts: make colorScheme optional (#4868) (c1f7ce3)

Other

• providers: convert GitHub provider to TypeScript (#4908) (3666e43)
• update Next.js example, bump dependencies

[email protected]

Features

... (truncated)

• afb1fcd fix(providers): add normalizeIdentifier to EmailProvider
• a21db89 fix(ts): fix jsdoc link to documentation (#5039)
• e8371ab docs(providers): update custom Reddit provider to v4 (#4985)
• 9cdeb2c docs: Fixed Typo (#5025)
• 89829d8 chore: fix unstable_getServerSession usages in dev app (#5017)
• aedabc8 fix: avoid redirect on always public paths (#5000)
• 9f2cdad docs: add Thang as point of contact
• b107ca4 docs: update path to gitlab provider (#4997)
• 6590993 chore(release): bump package version(s) [skip ci]
• 0ea9679 fix: improve logger (#4970)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next-auth's releases.

[email protected]

Features

• providers: allow styling e-mail through theme option (#4841) (ae834f1)

Bugfixes

• show experimental api warning only in dev and only once (#4816)

[email protected]

Bugfixes

• core: handle invalid email (cd6ccfd)

[email protected]

Features

• core: pass profile to linkAccount event (#4242) (d8d9ab9)
• update Middleware (#4757)

Bugfixes

• core: respect NEXTAUTH_SECRET in unstable_getServerSession (#4774) (c194261)

Other

• deps: upgrade dependencies (a911b4a)

[email protected]

Bugfixes

• build - include utils in package (nextauthjs/next-auth#4760)

[email protected]

Features

• allow standard Request in NextAuthHandler (#4704)
• introduce experimental unstable_getServerSession API (#4116)

Bugfixes

• edge: support request.cookies as a map (#4745) (73d489b)
• providers: use client_secret_post auth method for Instagram (#4705) (92dfc3c)
• ts: infer provider type in signIn (#4679) (e03e234)

Other

• adapters: fix references to deprecated adapters repo (#4737) (172813f)
• add test for invalid callbackUrl handling

[email protected]

Bugfixes

• don't show error on relative callbackUrl

[email protected]

... (truncated)

• 2adfade chore: bump version
• 32fa01f chore: re-add GITHUB_TOKEN
• ae834f1 feat(providers): allow styling e-mail through theme option (#4841)
• 4d4c276 docs: replace npm2yarn with npm2yarn2pnpm docusaurus plugin (#4805)
• f4c0d5a docs: Correct grammatical error (#4836)
• 01cd6b0 docs: fix unstable_getServerSession arguments (#4815)
• 993c0f4 fix: show experimental api warning only in dev and only once (#4816)
• 163d8c6 chore: bump version
• 5319dca fix(ts): fall back to empty string when parsing cookie
• cd6ccfd fix(core): handle invalid email
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next-auth's releases.

[email protected]

Bugfixes

• don't show error on relative callbackUrl

[email protected]

Features

• callback: return always status code 401 on error (#4601) (4daa63d)
• middleware: support custom cookieName (#4385) (7d8cc70)
• middleware: support custom jwt.decode (#4210) (16622f6)
• provider: Add United Effects provider (#4546) (81afeef)
• providers: make issuer configurable on Salesforce (#4658) (358b80d)

Bugfixes

• middleware: use relative URL for sign-in page callbackUrl (#4534) (75602a3)
• ts: allow getToken in getServerSideProps (#4659) (e4ee520)
• ts: remove unused type (#4657) (0a7a916)
• ts: signIn infer provider type (#4623) (46089eb)
• handle invalid callbackUrl

Other

• signout: fix skipped test (#4484) (0b953bd)

[email protected]

Bugfixes

• client: add additional type (#4402) (9f40cd1)
• providers: profile types (#4202) (8288ae5)
• ts: handle NextRequest type (#4472) (fb4bbc3)
• allow react@18 as peer dependency
• loosen env variable URL fallback (#4443)

Other

• remove redundant and deprecated doc (#4475)

[email protected]

Bugfixes

• providers: add optional chaining to avoid nullish reference errors (#4365) (59daa0e)
• signin: set email sign-in input to "email" & "required"(#4352) (fd755bc)
• more strict default callback url handling
• Cleanup global __NEXTAUTH state after unmount (#4383)
• update default callbacks.redirect

Other

... (truncated)

• 8c5d9fa chore: bump versions
• 49a8d51 fix: don't show error on relative callbackUrl
• c0d2517 chore: bump version
• 76560ae chore: no git checks on publish
• 25517b7 fix: handle invalid callbackUrl
• 4daa63d feat(callback): return always status code 401 on error (#4601)
• 81afeef feat(provider): Add United Effects provider (#4546)
• 008f29e docs(next): Update config comment (#4664)
• e4ee520 fix(ts): allow getToken in getServerSideProps (#4659)
• 358b80d feat(providers): make issuer configurable on Salesforce (#4658)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next-auth's releases.

[email protected]

Bugfixes

• providers: add optional chaining to avoid nullish reference errors (#4365) (59daa0e)
• signin: set email sign-in input to "email" & "required"(#4352) (fd755bc)
• more strict default callback url handling
• Cleanup global __NEXTAUTH state after unmount (#4383)
• update default callbacks.redirect

Other

• adapters: Add next-autth as devDependencies for adapters (#4226) (6e28ccf)
• bump versions
• manually upgrade dep version
• Update JWT docs to reflect JWE changes in v4 (#4313)

[email protected]

Bugfixes

• update default callbacks.redirect

Other

• adapters: Add next-autth as devDependencies for adapters (#4226) (6e28ccf)
• manually upgrade dep version
• Update JWT docs to reflect JWE changes in v4 (#4313)

[email protected]

Features

• providers: add BoxyHQ SAML provider (#3782) (001354e)

Bugfixes

• providers: fix BattleNet (163149b)
• providers: issuer instead of region (4234742)
• providers: refactor WorkOS to work in v4 (#3886) (caa9a17)
• ts: SignInAuthorisationParams -> SignInAuthorizationParams (#4072) (0a267d9)
• remove action from bad request response
• only warn when using Twitter + OAuth 2.0 (#4003)
• Switch BattleNet to OIDC (#4015)

Other

• deps: bump next from 12.0.9 to 12.1.0 (#4005) (b6bf236)
• add WorkOS to readme.md (#4091)
• fix providers overview page link in readme.md (#4079)
• disable coverage, fix dynamodb jest config
• enforce build before publish
• tweak Turbo

... (truncated)

• e71118b chore: bump versions
• afdb3c8 fix: more strict default callback url handling
• fd755bc fix(signin): set email sign-in input to "email" & "required"(#4352)
• 59daa0e fix(providers): add optional chaining to avoid nullish reference errors (#4365)
• 58d06ed fix: Cleanup global __NEXTAUTH state after unmount (#4383)
• 82159d3 docs: remove auth from keycloack url (#4391)
• abb9fed chore: bump versions
• 5471c0f chore: use --no-workspaces
• b2da0b3 chore: add --verbose
• b3b8d4b chore: log npm config list
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next-auth's releases.

[email protected]

Bugfixes

• update default callbacks.redirect

Other

• adapters: Add next-autth as devDependencies for adapters (#4226) (6e28ccf)
• manually upgrade dep version
• Update JWT docs to reflect JWE changes in v4 (#4313)

[email protected]

Features

• providers: add BoxyHQ SAML provider (#3782) (001354e)

Bugfixes

• providers: fix BattleNet (163149b)
• providers: issuer instead of region (4234742)
• providers: refactor WorkOS to work in v4 (#3886) (caa9a17)
• ts: SignInAuthorisationParams -> SignInAuthorizationParams (#4072) (0a267d9)
• remove action from bad request response
• only warn when using Twitter + OAuth 2.0 (#4003)
• Switch BattleNet to OIDC (#4015)

Other

• deps: bump next from 12.0.9 to 12.1.0 (#4005) (b6bf236)
• add WorkOS to readme.md (#4091)
• fix providers overview page link in readme.md (#4079)
• disable coverage, fix dynamodb jest config
• enforce build before publish
• tweak Turbo
• Convert to monorepo (#3788)
• exclude tests from release artifact (#4011)
• add release script (#3891)
• separate build commands for core and app (#3845)
• move adapters to monorepo (#3805)
• monorepo 1 (#3804)

• 430aa48 chore(release): bump version
• 5471c0f chore: use --no-workspaces
• b2da0b3 chore: add --verbose
• b3b8d4b chore: log npm config list
• 182e118 chore: else
• 7183b06 chore: write .npmrc
• bd10e87 chore: more visible log
• d07abfe chore: log
• c1110cd chore: don't write .npmrc
• 8ed038d chore: revert
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next's releases.

v12.1.0

Core Changes

• Relay Support in Rust Compiler: #33702
• fix eslint link-passhref rule: #33857
• update webpack: #33831
• Flush buffered vitals metrics on page mount: #33867
• fix problem with HMR when middleware and page reference the same node_module: #33873
• Refactor page component getter in web server: #33759
• update NextResponse default redirect status to 307 to match docs: #33505
• Bug fix: dynamic page should not be interpreted as predefined page: #33808
• Group streaming experimental apis: #33878
• Encapsulate routing and initial hydration: #33875
• Optimize offline condition judgment: #33238
• Ensure external beforeFiles rewrites are handled with next/link: #33888
• Fix parsing params for i18n optional route in minimal mode: #33896
• Ensure browserslist extends works properly: #33890
• Fix image cache race condition: #33883
• Add support for Relay projects without artifactDirectory: #33918
• fix: handle jsxspreadattribute in inline-script-id eslint rule: #32421
• feat(next-swc): Update swc: #33724
• Update to latest version of amphtml-validator: #33967
• Warn in dev mode when script tags are added with next/head: #33968
• Ensure optional chaining in swc matches babel: #33995
• Use react-dom/server.browser in Node.js: #33950
• Ensure external middleware rewrite is handled correctly: #33962
• Update Terser to v5.10.0, fix minification issues: #33045
• Warn in dev mode when stylesheets are added using next/head: #34004
• Use ReadableStream in RenderResult: #34005
• Fix suffix ordering while streaming: #34011
• Don't use yarn if a package-lock.json file is found: #31926
• Do not warn when application/ld+json scripts are used with next/head: #34021
• Babel & next-swc: Fix exporting page config with AsExpression: #32702
• Detect per page runtime config for functions manifest: #33945
• Add JSDoc to config options: #32915
• Update font-stylesheet-gathering-plugin.ts: #30709
• Add decoratorMetadata flag if enabled by tsconfig: #32914
• fix: data url handling in css-loader: #34034
• Place 'charset' element at the top of : #28119
• Fix detection of anchor click events inside svg: #23272
• Allow passing nothing as custom jest config: #32328
• Fixes #31240: Adding a recursive addPackagePath function in webpack-config: #31264
• Require component rendered as child of Link to pass event to onClick handler: #27723
• Allow scroll prevention on hash change: #31921
• Add support for async fn / promise in next.config.js/.mjs: #33662
• Fix lazyRoot functionality for next/image: #33933
• Change SWC minify from beta to release candidate: #34056
• Make Router state immutable: #33925
• Stop exposing internal render and renderError methods from next/client: #34069
• Add api-utils helper for testing: #34078

... (truncated)

• 8545fd1 v12.1.0
• 1605f30 v12.0.11-canary.21
• 69aedbd Fix typo (#34480)
• f0f322c Remove deprecation for relative URL usage in middlewares (#34461)
• d4d79b2 Fix chunk buffering for server components (#34474)
• 74fa4d4 update webpack (#34477)
• b70397e Revert "Allow reading request bodies in middlewares (#34294)" (#34479)
• 4202011 Update font-optimization test snapshot (#34478)
• 1edd851 Allow reading request bodies in middlewares (#34294)
• ba78437 fix: don't wrap profile in firebase example (#34457)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from jose's releases.

v4.9.3

Refactor

• update CEK length validation error message (81a92a9)
• update key input validation error messages (2eac34a)
• update keylike description for WinterCG (6741679)

v4.9.2

Fixes

• limit default PBES2 alg's computational expense (03d6d01)

v4.9.1

Fixes

• deno: add a Deno package entrypoint (9f3c459)

v4.9.0

Features

• add support for RFC 9278 - JWK Thumbprint URI (d06ce65)

Refactor

• consume some base64url decode errors (#436) (caaf2c3)
• unify JOSENotSupported throw on key export (fe5d093)

v4.8.3

This release contains only code refactoring and documentation updates.

v4.8.1

Fixes

• typescript: add types export for nodenext module resolution (#406) (5a6d8f0)

v4.8.0

Features

• add "worker" export in package.json (#400) (c58c80a)
• optional headers options for createRemoteJWKSet (#397) (b4612f5)

v4.7.0

Features

• add createRemoteJWKSet cacheMaxAge option (5017d95), closes #394

v4.6.2

Fixes

... (truncated)

Sourced from jose's changelog.

4.9.3 (2022-09-15)

Refactor

• update CEK length validation error message (81a92a9)
• update key input validation error messages (2eac34a)
• update keylike description for WinterCG (6741679)

4.9.2 (2022-09-01)

Fixes

• limit default PBES2 alg's computational expense (03d6d01)

4.9.1 (2022-08-29)

Fixes

• deno: add a Deno package entrypoint (9f3c459)

4.9.0 (2022-08-17)

Features

• add support for RFC 9278 - JWK Thumbprint URI (d06ce65)

Refactor

• consume some base64url decode errors (#436) (caaf2c3)
• unify JOSENotSupported throw on key export (fe5d093)

4.8.3 (2022-06-29)

4.8.1 (2022-05-02)

Fixes

• typescript: add types export for nodenext module resolution (#406) (5a6d8f0)

4.8.0 (2022-04-26)

Features

... (truncated)

• eca8ac3 chore(release): 4.9.3
• 2eac34a refactor: update key input validation error messages
• 6741679 refactor: update keylike description for WinterCG
• 81a92a9 refactor: update CEK length validation error message
• 644a13b style: prettier
• ec6a6a5 test: add a check that signatures are verified before claims set
• f64cadd chore: cleanup after publish
• db71b3d chore(release): 4.9.2
• 03d6d01 fix: limit default PBES2 alg's computational expense
• 8c5cc34 chore: cleanup after publish
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.