[Snyk] Upgrade jose from 4.8.3 to 4.15.5

[tomstrat]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade jose from 4.8.3 to 4.15.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 33 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-03-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-JOSE-3018688	565/1000 Why? Is reachable, Has a fix available, CVSS 5.3	No Known Exploit
	Resource Exhaustion SNYK-JS-JOSE-6419224	565/1000 Why? Is reachable, Has a fix available, CVSS 5.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: jose

• 4.15.5 - 2024-03-07
  

  Fixes

  • add a maxOutputLength option to zlib inflate (1b91d88), fixes CVE-2024-28176
• 4.15.4 - 2023-10-14
• 4.15.3 - 2023-10-11
• 4.15.2 - 2023-10-04
• 4.15.1 - 2023-10-02
• 4.15.0 - 2023-10-02
• 4.14.6 - 2023-09-04
• 4.14.5 - 2023-09-02
• 4.14.4 - 2023-04-30
• 4.14.3 - 2023-04-27
• 4.14.2 - 2023-04-26
• 4.14.1 - 2023-04-20
• 4.14.0 - 2023-04-14
• 4.13.2 - 2023-04-12
• 4.13.1 - 2023-03-02
• 4.13.0 - 2023-02-27
• 4.12.2 - 2023-02-27
• 4.12.1 - 2023-02-27
• 4.12.0 - 2023-02-15
• 4.11.4 - 2023-02-07
• 4.11.3 - 2023-02-07
• 4.11.2 - 2023-01-01
• 4.11.1 - 2022-11-22
• 4.11.0 - 2022-11-08
• 4.10.4 - 2022-10-28
• 4.10.3 - 2022-10-20
• 4.10.2 - 2022-10-20
• 4.10.1 - 2022-10-20
• 4.10.0 - 2022-09-27
• 4.9.3 - 2022-09-15
• 4.9.2 - 2022-09-01
• 4.9.1 - 2022-08-29
• 4.9.0 - 2022-08-17
• 4.8.3 - 2022-06-29

from jose GitHub release notes

Commit messages

Package name: jose

• 765aafd chore(release): 4.15.5
• b36e45e test: add export check to x509 pem import tests
• e839ecb test: stop testing JWE RSA1_5 Algorithm
• 1b91d88 fix: add a maxOutputLength option to zlib inflate
• 9ca2b24 build: remove release action
• f3035d8 chore: cleanup after release
• f0bb220 chore(release): 4.15.4
• 6f38554 chore: bump dev deps
• 936c9df fix(types): export GetKeyFunction (#592)
• 5ac6619 chore: bump dev deps
• b27d695 chore: cleanup after release
• 825e798 chore(release): 4.15.3
• 28fbb35 chore: bump dev deps
• 110fac2 test: mark Compressed Content tests as non-reproducible
• 358e864 test: use non deprecated rsa-pss options
• cc47abb chore: bump dev deps
• cf11f59 chore: bump dev deps
• 60db9ad chore: cleanup after release
• 9e917e1 chore(release): 4.15.2
• abb63d0 fix(build): add a node target for jose-browser-runtime releases
• 92a871a test(browsers): only set $BROWSER to a default if missing
• c13c12c ci: use oven-sh/setup-bun
• eba5f27 chore: bump dev deps
• f3b05ef test: update comment with opened WebKit bug url

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs