fix(deps): update dependency jose to v6

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
jose	5.10.0 -> 6.1.3

---

Release Notes

panva/jose (jose)

v6.1.3

Compare Source

Refactor

• avoid export * as for google closure's compiler sake (6303d98), closes #​832

v6.1.2

Compare Source

Refactor

• fallback to checking instanceof for CryptoKey (901cd90), closes #​765 #​803 #​821 #​827 #​828

v6.1.1

Compare Source

Documentation

• add link to RFC9864 (767edde)
• link to ML-DSA for JOSE (ed4252c)
• remove mention of Edge Runtime from the readme (94fdde7)
• update README.md (25098ef)

Refactor

• eliminate named exports in the source code (f6ae30d)
• expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
• faster path for symmetric key checks (a44c2ec)
• improve en/decoding overheads (daee426)

v6.1.0

Compare Source

Features

• support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
• support for the ML-DSA PQC Algorithm Identifiers (25ddce4)

v6.0.13

Compare Source

Refactor

• more readability in ecdhes.ts (84da9de)
• update asn1.ts helpers (b4f8fb3)

v6.0.12

Compare Source

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

• createPublicKey is not a constructor (61ded78)
• update asn1.ts helper functions (b2b611c)

v6.0.11

Compare Source

Fixes

• typ checking edge-cases when it contains a slash (/) character (31e4baf)

v6.0.10

Compare Source

Refactor

• removed unused claims methods (74719cf)
• reorganize jwt claim set utils (1f12d88)

v6.0.9

Compare Source

Documentation

• add more symbol document, ignore ts-private fields (8b73687)
• bump typedoc (6163a8b)
• drop cdnjs links in README (a910038)
• drop denoland/x links in README and add jsr (3662b9e)
• fix key export links from docs/README.md (c8edfc2)

Refactor

• always assume structuredClone is present (f7898a9)
• hide internal private fields and drop ProduceJWT inheritance (ab18881)
• less objects when JWE JWT Replicated Header Parameters are used (c763a0e)

v6.0.8

Compare Source

Fixes

• export [customFetch] symbol from the default entrypoint (1615614), closes #​762

v6.0.7

Compare Source

Documentation

• improve generate key/secret and import function descriptions (cd06359)

Fixes

• use [customFetch] when provided to createRemoteJWKSet (35f6509), closes #​760

v6.0.6

Compare Source

Refactor

• move base64url around (e1350ef)

Documentation

• add various exported symbol descriptions (3b8ff71)
• add various exported symbol descriptions (fc4e7da)
• add various exported symbol descriptions (74f02c8)
• update base64url function descriptions (03d72c8)

v6.0.5

Compare Source

Refactor

• types: make JWKParameters.kty compatible with @​types/node and @​types/web (bb6ccfe)

Documentation

• add various exported symbol descriptions (f52c2ff)

v6.0.4

Compare Source

Refactor

• optimize base64 with tc39/proposal-arraybuffer-base64 (8a0da69), closes #​752
• update getSPKI to use crypto.createPublicKey when available (92392a0), closes #​752
• use Double HMAC pattern for AES-CBC tag comparison (f3ba4c7), closes #​752

v6.0.3

Compare Source

Documentation

• remove root module tag so that README.md shows up on jsr.io (ee70698)

v6.0.2

Compare Source

Documentation

• add module tags to all entrypoints (a5687aa)

v6.0.1

Compare Source

Refactor

• more readability in ecdhes.ts (84da9de)
• update asn1.ts helpers (b4f8fb3)

v6.0.0

Compare Source

⚠ BREAKING CHANGES

• The PEMImportOptions type interface is renamed to KeyImportOptions.
• all builds and bundles now use ES2022 as target
• createRemoteJWKSet now uses fetch, because of that its Node.js only options.agent property has been removed and new fetch-related options were added
• drop support for Ed448 and X448
• drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey"
• resolved keys returned as part of verify/decrypt operations (when get key functions are used) are always normalized to either Uint8Array / CryptoKey depending on what's more efficient for the executed operation
• Key "Type" Generics are removed
• CJS-style require is now only possible when require(esm) support is present in the Node.js runtime
• private KeyObject instances can no longer be used for verify operations
• private KeyObject instances can no longer be used for encryption operations
• generateSecret, generateKeyPair, importPKCS8, importSPKI, importJWK, and importX509 now yield a CryptoKey instead of a KeyObject in Node.js
• drop support for Node.js 18.x and earlier
• runtime-specific npm releases (jose-browser-runtime, jose-node-cjs-runtime, and jose-node-esm-runtime) are no longer maintained or supported
• removed secp256k1 JWS support
• removed deprecated experimental APIs
• removed RSA1_5 JWE support

Features

• enable CryptoKey and KeyObject inputs in JWK thumbprint functions (6fc9c44)
• JSON Web Key is now an allowed input everywhere (ebda967)

Refactor

• always use infered CryptoKey (c4abaa2)
• backport the Ed25519 JWS Algorithm Identifier support (7a94cb9)
• drop support for Ed448 and X448 (2fae1c4)
• drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey" (ef918be)
• ensure export functions continue to work with KeyObject inputs (28e9e68)
• hardcode the cryptoRuntime export since it is now always WebCryptoAPI (e00f273)
• JWK import extractable default for public keys is now true (64dcebe)
• PEM import extractable default for public keys is now true (4e9f114)
• removed deprecated APIs (5352083)
• removed secp256k1 JWS support (e2b58a5)
• restructure src/lib and src/runtime now that runtime is fixed (9b236ce)
• target is now ES2022 everywhere (aa590d5)
• update importJWK args to align with other import functions (355a2dd)
• WebCryptoAPI is now the only crypto used (161de46)

---

Configuration

📅 Schedule: Branch creation - "after 9pm,before 6am" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.