Skip to content

Update dependency jose to v6 #2558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
gardener-ci-robot wants to merge 4 commits into from
Closed

Update dependency jose to v6 #2558

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
19d47d2
Update dependency jose to v6
gardener-ci-robot Sep 4, 2025
0957269
Update dependency jose to v6
gardener-ci-robot Sep 4, 2025
38ffdfe
dynamic import for ESM only module
grolu Sep 4, 2025
9570980
Merge branch 'renovate/jose-6.x' of github.com:gardener/dashboard int…
grolu Sep 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 5 additions & 12 deletions .pnp.cjs
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Binary file removed .yarn/cache/jose-npm-5.10.0-4ce825ae05-e20d9fc58d.zip
View file
Open in desktop
Binary file not shown.
Binary file renamed ...jose-npm-6.0.12-a72b4e5569-e5ca51b078.zip → .../jose-npm-6.1.0-b52bb87803-f4518579e9.zip
View file
Open in desktop
Binary file not shown.
15 changes: 13 additions & 2 deletions backend/lib/security/jose.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,19 @@ import {
import { promisify } from 'util'
import jwt from 'jsonwebtoken'
import crypto from 'crypto'
import * as jose from 'jose'
import { v1 as uuidv1 } from 'uuid'
import base64url from 'base64url'

// ESM only depenedency jose must be wrapped in a dynamic import so that common js tests work
// TODO Remove when we switch to ESM tests
let josePromise = null
async function getJose () {
if (!josePromise) {
josePromise = import('jose')
}
return josePromise
}

const jwtSign = promisify(jwt.sign)
const jwtVerify = promisify(jwt.verify)

Expand Down Expand Up @@ -75,12 +84,13 @@ export default function createJose (sessionSecrets) {
decode (token) {
return jwt.decode(token) || {}
},
encrypt (text) {
async encrypt (text) {
const encodedText = encoder.encode(text)
const protectedHeader = {
enc: 'A128CBC-HS256',
alg: 'PBES2-HS256+A128KW',
}
const jose = await getJose()
return new jose.CompactEncrypt(encodedText)
.setProtectedHeader(protectedHeader)
.encrypt(symetricKey)
Expand All @@ -92,6 +102,7 @@ export default function createJose (sessionSecrets) {
let firstError
for (const symetricKey of symmetricKeys) {
try {
const jose = await getJose()
const { plaintext } = await jose.compactDecrypt(data, symetricKey, options)
return decoder.decode(plaintext)
} catch (err) {
Expand Down
2 changes: 1 addition & 1 deletion backend/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@
"fnv-plus": "^1.3.1",
"helmet": "^8.0.0",
"http-errors": "^2.0.0",
"jose": "^5.2.3",
"jose": "^6.0.0",
"js-yaml": "^4.1.0",
"jsonwebtoken": "^9.0.2",
"lodash": "^4.17.21",
Expand Down
17 changes: 5 additions & 12 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -988,7 +988,7 @@ __metadata:
helmet: "npm:^8.0.0"
http-errors: "npm:^2.0.0"
jest: "npm:^30.0.0"
jose: "npm:^5.2.3"
jose: "npm:^6.0.0"
js-yaml: "npm:^4.1.0"
jsonwebtoken: "npm:^9.0.2"
lodash: "npm:^4.17.21"
Expand Down Expand Up @@ -8021,17 +8021,10 @@ __metadata:
languageName: node
linkType: hard

"jose@npm:^5.2.3":
version: 5.10.0
resolution: "jose@npm:5.10.0"
checksum: 10c0/e20d9fc58d7e402f2e5f04e824b8897d5579aae60e64cb88ebdea1395311c24537bf4892f7de413fab1acf11e922797fb1b42269bc8fc65089a3749265ccb7b0
languageName: node
linkType: hard

"jose@npm:^6.0.12":
version: 6.0.12
resolution: "jose@npm:6.0.12"
checksum: 10c0/e5ca51b078b2443f6ca671e14d72e0ffd21b760dac0d77cabd7af649a127376ec90665c8b25f34dd88bb31094915ee662daf76e0b33a025d28dbc2bc17413dec
"jose@npm:^6.0.0, jose@npm:^6.0.12":
version: 6.1.0
resolution: "jose@npm:6.1.0"
checksum: 10c0/f4518579e907317e144facd15c7627acd06097bbea17735097437217498aa419564c039dd4020f6af5f2d024a7cee6b7be4648ccbbdc238aedb80a47c061217d
languageName: node
linkType: hard

Expand Down
Loading