chore(release): bump package versions

[halvaradop]

Description

This pull request publishes new releases for the following packages:

• @aura-stack/jose -> v0.3.0
• @aura-stack/auth -> v0.4.0

These releases include multiple new features, security improvements, and internal refinements introduced across recent changes in the monorepo. The version bump reflects cumulative enhancements to authentication flows, cryptographic handling, configuration options, and developer experience compared to previous versions.

Key Changes

@aura-stack/auth

• feat(core): introduce OAuth providers API #93
• refactor(core): replace dotenv with native environment loading #92
• feat(core): set secure headers in action flows #90
• fix(security): mitigate potential security risks #89
• feat(core): add trustedOrigins option #88
• feat(jose): add entropy verification for weak secrets #85
• feat(core): add logger configuration option #84
• refactor(signIn): add strict validation for redirect values #83

@aura-stack/jose

• fix(security): mitigate potential security risks #89
• feat(jose): add entropy verification for weak secrets #85
• feat(jose): add verifier options for JWS and JWE #48
• feat(jose): add key derivation support to createJWT #45

Packages on npm

• @aura-stack/auth@0.4.0
• @aura-stack/jose@0.3.0

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
auth-nextjs-demo	Ready	Preview, Comment	Feb 17, 2026 3:44pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
auth	Skipped		Feb 17, 2026 3:44pm

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates release metadata: packages/core version bumped 0.3.0 → 0.4.0 with a new CHANGELOG entry; packages/jose version bumped 0.2.0 → 0.3.0 with a new CHANGELOG entry documenting JWT and entropy-related additions. No code logic files changed.

Changes

Cohort / File(s)	Summary
Core changelog packages/core/CHANGELOG.md	Added Unreleased and 0.4.0 release notes: OAuth provider API, native env var access, security headers, trustedOrigins/createAuth changes, logger option, CSRF SameSite change, salt/secret configuration and entropy checks, redirect validation.
Jose changelog packages/jose/CHANGELOG.md	Added 0.3.0 release notes: stricter JWT verification, entropy requirements for secrets, verifyJWS/decryptJWE options, key derivation support for JWT flows.
Package versions packages/core/package.json, packages/jose/package.json	Bumped package versions: core 0.3.0 → 0.4.0; jose 0.2.0 → 0.3.0. No other package.json fields changed.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 I nibble changelogs under moonlight bright,
New versions hopping, everything feels right.
Secrets gain strength, JWTs dance in tune,
OAuth doors opened beneath the silver moon.
Hop, hop—releases spring into sight!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main purpose of the changeset: version bumps for packages/core and packages/jose with updated CHANGELOGs.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release/bump-packages

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

packages/jose/CHANGELOG.md (1)

13-13: Standardize date format to ISO 8601.

The date "2026-2-16" should use leading zeros: "2026-02-16" to match ISO 8601 format (YYYY-MM-DD) recommended by Keep a Changelog.

📅 Proposed fix for date format

-## [0.3.0] - 2026-2-16
+## [0.3.0] - 2026-02-16

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/jose/CHANGELOG.md` at line 13, Update the release header date in
CHANGELOG.md for version "0.3.0" to use ISO 8601 with leading zeros: change the
string "## [0.3.0] - 2026-2-16" to "## [0.3.0] - 2026-02-16" so the date format
is YYYY-MM-DD and consistent with Keep a Changelog.

packages/core/CHANGELOG.md (1)

13-13: Standardize date format to ISO 8601.

The date "2026-2-16" should use leading zeros: "2026-02-16". The Keep a Changelog format recommends ISO 8601 (YYYY-MM-DD) for consistency and machine readability.

📅 Proposed fix for date format

-## [0.4.0] - 2026-2-16
+## [0.4.0] - 2026-02-16

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/core/CHANGELOG.md` at line 13, Update the release header date to ISO
8601 format: change the version header string "## [0.4.0] - 2026-2-16" to use
leading zeros ("## [0.4.0] - 2026-02-16") so the CHANGELOG follows the Keep a
Changelog YYYY-MM-DD convention.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/core/CHANGELOG.md`:
- Line 13: Update the release header date to ISO 8601 format: change the version
header string "## [0.4.0] - 2026-2-16" to use leading zeros ("## [0.4.0] -
2026-02-16") so the CHANGELOG follows the Keep a Changelog YYYY-MM-DD
convention.

In `@packages/jose/CHANGELOG.md`:
- Line 13: Update the release header date in CHANGELOG.md for version "0.3.0" to
use ISO 8601 with leading zeros: change the string "## [0.3.0] - 2026-2-16" to
"## [0.3.0] - 2026-02-16" so the date format is YYYY-MM-DD and consistent with
Keep a Changelog.