Bump jose from 4.3.8 to 4.14.1

[dependabot]

Bumps jose from 4.3.8 to 4.14.1.

Release notes

Sourced from jose's releases.

v4.14.1

This release is to start using provenance statements.

v4.14.0

Features

• add requiredClaims JWT validation option (eeea91d)

v4.13.2

This release contains only minor code refactoring, documentation, and IntelliSense updates.

v4.13.1

Fixes

• workerd: avoid "The script will never generate a response" edge cases completely (96a8c99), closes #355 #509

v4.13.0

Features

• types: allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike (6effa4d)

Fixes

• make jose.EmbeddedJWK arguments optional (20610a9)

v4.12.2

Fixes

• types: declare explicit return from EmbeddedJWK (46934ac)

v4.12.1

Refactor

• clarify when alg is used and required on key imports (19e525f)
• node: have node:crypto deal with x509 parsing (45bb45d)

v4.12.0

Features

• enable key iteration over JWKSMultipleMatchingKeys (a278acd)

const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs'))
const options = {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience',
}
const { payload, protectedHeader } = await jose
</tr></table>

... (truncated)

Changelog

Sourced from jose's changelog.

4.14.1 (2023-04-20)

4.14.0 (2023-04-14)

Features

• add requiredClaims JWT validation option (eeea91d)

4.13.2 (2023-04-12)

Refactor

• src/util/decode_protected_header.ts (5716725)

4.13.1 (2023-03-02)

Fixes

• workerd: avoid "The script will never generate a response" edge cases completely (96a8c99), closes #355 #509

4.13.0 (2023-02-27)

Features

• types: allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike (6effa4d)

Fixes

• make jose.EmbeddedJWK arguments optional (20610a9)

4.12.2 (2023-02-27)

Fixes

• types: declare explicit return from EmbeddedJWK (46934ac)

4.12.1 (2023-02-27)

Refactor

• clarify when alg is used and required on key imports (19e525f)
• node: have node:crypto deal with x509 parsing (45bb45d)

... (truncated)

Commits

• c4c93d2 chore(release): 4.14.1
• 35820b7 build: publish with provenance
• 2d603e8 chore: upgrade dev deps
• 515b092 chore: cleanup after publish
• 6db76fa chore(release): 4.14.0
• 435dd2f chore: upgrade dev deps
• c6dccb0 docs: doc-deprecate JWE Compression
• eeea91d feat: add requiredClaims JWT validation option
• 3108ade chore: bump dev deps
• a505724 chore: cleanup after publish
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)