chore(deps): bump jose from 4.11.4 to 4.12.0

[dependabot]

Bumps jose from 4.11.4 to 4.12.0.

Release notes

Sourced from jose's releases.

v4.12.0

Features

• enable key iteration over JWKSMultipleMatchingKeys (a278acd)

const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs'))
const options = {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience',
}
const { payload, protectedHeader } = await jose
.jwtVerify(jwt, JWKS, options)
.catch(async (error) => {
if (error?.code === 'ERR_JWKS_MULTIPLE_MATCHING_KEYS') {
for await (const publicKey of error) {
try {
return await jose.jwtVerify(jwt, publicKey, options)
} catch (innerError) {
if (innerError?.code === 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED') {
continue
}
throw innerError
}
}
throw new jose.errors.JWSSignatureVerificationFailed()
}
throw error

})
console.log(protectedHeader)
console.log(payload)

Changelog

Sourced from jose's changelog.

4.12.0 (2023-02-15)

Features

• enable key iteration over JWKSMultipleMatchingKeys (a278acd)

Commits

• bba4824 chore(release): 4.12.0
• 426e629 chore: upgrade dev deps
• a278acd feat: enable key iteration over JWKSMultipleMatchingKeys
• 8e3ca5e chore: upgrade dev deps
• 5aa45b9 ci: use reusable browserstack cert setup
• 92bbd2d ci: cleanup cache workflows
• aa5aea1 docs: add missing '-' at end of PKCS#8 key example (#500)
• 0cd8eba chore: cleanup after publish
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)