Skip to content

Bump jws from 3.2.2 to 3.2.3 in /js#30

Merged
neetogit-bot[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/js/jws-3.2.3
Apr 2, 2026
Merged

Bump jws from 3.2.2 to 3.2.3 in /js#30
neetogit-bot[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/js/jws-3.2.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Dec 4, 2025
edited
Loading

Bumps jws from 3.2.2 to 3.2.3.

Release notes

Sourced from jws's releases.

v3.2.3

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.
Changelog

Sourced from jws's changelog.

[3.2.3]

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

2.0.0 - 2015-01-30

Changed

  • BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)

  • Code reorganization, thanks @​fearphage! (7880050)

Added

  • Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. (6b6de48)
Commits
  • 4f6e73f Merge commit from fork
  • bd0fea5 version 3.2.3
  • 7c3b4b4 Enhance tests for HMAC streaming sign and verify
  • a9b8ed9 Improve secretOrKey initialization in VerifyStream
  • 6707fde Improve secret handling in SignStream
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code patch labels Dec 4, 2025
@yedhink
Copy link
Copy Markdown
Contributor

yedhink commented Apr 2, 2026

@dependabot recreate

@dependabot
Bump jws from 3.2.2 to 3.2.3 in /js
6c80933 
Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

---
updated-dependencies:
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/js/jws-3.2.3 branch from 92a8284 to 6c80933 Compare April 2, 2026 12:38
@neetogit-bot
Copy link
Copy Markdown

neetogit-bot Bot commented Apr 2, 2026

NeetoGit is monitoring this dependabot PR (jws 3.2.2 → 3.2.3). Once CI completes, this PR will be auto-merged if all checks pass, or a reviewer will be assigned if CI fails.

This comment was auto-generated by NeetoGit.

@neetogit-bot neetogit-bot Bot added the mergepr label Apr 2, 2026
@neetogit-bot neetogit-bot Bot merged commit 508956b into main Apr 2, 2026
1 check passed
@neetogit-bot neetogit-bot Bot deleted the dependabot/npm_and_yarn/js/jws-3.2.3 branch April 2, 2026 12:42
@yedhink
Copy link
Copy Markdown
Contributor

yedhink commented Apr 2, 2026

@dependabot recreate

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 2, 2026

Looks like this PR has already been merged. If you've moved back to an older version of jws a new PR will be created next time Dependabot checks your dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code mergepr patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yedhink