Skip to content

chore(deps): bump jws from 3.2.2 to 3.2.3#789

Merged
huyleminh01 merged 1 commit intomasterfrom
dependabot/npm_and_yarn/jws-3.2.3
May 4, 2026
Merged

chore(deps): bump jws from 3.2.2 to 3.2.3#789
huyleminh01 merged 1 commit intomasterfrom
dependabot/npm_and_yarn/jws-3.2.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Dec 4, 2025
edited
Loading

Bumps jws from 3.2.2 to 3.2.3.

Release notes

Sourced from jws's releases.

v3.2.3

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.
Changelog

Sourced from jws's changelog.

[3.2.3]

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

2.0.0 - 2015-01-30

Changed

  • BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)

  • Code reorganization, thanks @​fearphage! (7880050)

Added

  • Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. (6b6de48)
Commits
  • 4f6e73f Merge commit from fork
  • bd0fea5 version 3.2.3
  • 7c3b4b4 Enhance tests for HMAC streaming sign and verify
  • a9b8ed9 Improve secretOrKey initialization in VerifyStream
  • 6707fde Improve secret handling in SignStream
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 4, 2025
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/jws-3.2.3 branch from d458ff7 to 72681e3 Compare December 23, 2025 10:17
@huyleminh01
Copy link
Copy Markdown
Contributor

huyleminh01 commented May 4, 2026

@dependabot recreate

@dependabot
chore(deps): bump jws from 3.2.2 to 3.2.3
8b3bc73 
Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

---
updated-dependencies:
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/jws-3.2.3 branch from 72681e3 to 8b3bc73 Compare May 4, 2026 02:36
@huyleminh01 huyleminh01 added the PR: Dependencies Update 🤖 A type of pull request used for changelog categories label May 4, 2026
@huyleminh01 huyleminh01 merged commit cd17b31 into master May 4, 2026
2 of 4 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/jws-3.2.3 branch May 4, 2026 03:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@huyleminh01 huyleminh01 huyleminh01 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code PR: Dependencies Update 🤖 A type of pull request used for changelog categories

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@huyleminh01