HEX
Server: nginx/1.28.1
System: Linux 10-41-63-61 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64
User: www (1001)
PHP: 7.4.33
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /www/wwwroot/oura.mlazu.com/node_modules/.pnpm/node_modules/jws/
Upload Files
File: /www/wwwroot/oura.mlazu.com/node_modules/.pnpm/node_modules/jws/CHANGELOG.md
# Change Log

All notable changes to this project will be documented in this file.

## [4.0.1]

### Changed

- Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require
  that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)
  when using HMAC algorithms.
- Upgrading JWA version to 2.0.1, adressing a compatibility issue for Node >= 25.

## [3.2.3]

### Changed

- Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require
  that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)
  when using HMAC algorithms.
- Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

## [3.0.0]

### Changed

- **BREAKING**: `jwt.verify` now requires an `algorithm` parameter, and
  `jws.createVerify` requires an `algorithm` option. The `"alg"` field
  signature headers is ignored. This mitigates a critical security flaw
  in the library which would allow an attacker to generate signatures with
  arbitrary contents that would be accepted by `jwt.verify`. See
  https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
  for details.

## [2.0.0] - 2015-01-30

### Changed

- **BREAKING**: Default payload encoding changed from `binary` to
  `utf8`. `utf8` is a is a more sensible default than `binary` because
  many payloads, as far as I can tell, will contain user-facing
  strings that could be in any language. (<code>[6b6de48]</code>)

- Code reorganization, thanks [@fearphage]! (<code>[7880050]</code>)

### Added

- Option in all relevant methods for `encoding`. For those few users
  that might be depending on a `binary` encoding of the messages, this
  is for them. (<code>[6b6de48]</code>)

[unreleased]: https://github.com/brianloveswords/node-jws/compare/v2.0.0...HEAD
[2.0.0]: https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0
[7880050]: https://github.com/brianloveswords/node-jws/commit/7880050
[6b6de48]: https://github.com/brianloveswords/node-jws/commit/6b6de48
[@fearphage]: https://github.com/fearphage
@ Telegram