fix: update dependency jwks-rsa to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
jwks-rsa	^1.8.1 -> ^3.0.0

---

Release Notes

auth0/node-jwks-rsa (jwks-rsa)

v3.1.0

Compare Source

Full Changelog

Added

• feat: resolve bun/deno compat issues #​374 (panva)

v3.0.1

Compare Source

Full Changelog

Fixed

• update types/jsonwebtoken update v9.0.0 #​349 (ToshihitoKon)
• Bump jsonwebtoken from 8.5.1 to 9.0.0 #​344 (dependabot[bot])

v3.0.0

Compare Source

Full Changelog

⚠️ BREAKING CHANGES

This release drops support for Node 10 and 12

• [major] bump jose #​333 (panva)

v2.1.5

Compare Source

Full Changelog

Fixed

• Fix GetVerificationKey typing to include undefined #​329 (AaronMoat)

v2.1.4

Compare Source

Full Changelog

Fixed

• Type definitions depend on jsonwebtoken #​314 (adamjmcgrath)

v2.1.3

Compare Source

Full Changelog

Fixed

• Fix issue with ES Express import #​310 (adamjmcgrath)

v2.1.2

Compare Source

Full Changelog

Fixed

• fix: express build error #​304 (blindperson)

v2.1.1

Compare Source

Full Changelog

Fixed

• fix: types-compabitility for express-jwt @​ 7 #​301 (carboneater)

v2.1.0

Compare Source

Full Changelog

Added

• add support for express-jwt@7 #​297 (jfromaniello)

Fixed

• fix(type): correct the wrong type of the getSigningKey function arg… #​289 (stegano)

v2.0.5

Compare Source

Full Changelog

Fixed

• Destroy the request when reaches the timeout (#​270) #​271 (amrsalama)
• [SDK-2833] Fix issue where errors were being cached #​268 (adamjmcgrath)

v2.0.4

Compare Source

Fixed

• [SDK-2626] getKeysInterceptor types #​251 (davidpatrick)

v2.0.3

Compare Source

Fixed

• Fix retrieveSigningKeys error #​242 (davidpatrick)

Security

• Bump jose from 2.0.3 to 2.0.5 #​244 (dependabot)

v2.0.2

Compare Source

Fixed

• Interceptor bind client #​237 (erikfried)
• Update type def for getSigningKey #​236 (davidpatrick)
• Use hostname instead of host when creating request #​233 (cjlpowers)

v2.0.1

Compare Source

Added

• Callback backwards compatbility for getSigningKey #​227 (davidpatrick)

Fixed

• Fix typescript declarations for v2 #​229 (davidpatrick)
• Fix typescript types for fetcher #​231 (itajaja)

v2.0.0

Compare Source

With version 2 we have added full JWK/JWS support. With this we have bumped the node version to minimum 10. We have also removed Axios and exposed a fetcher option to allow user's to completely override how the request to the jwksUri endpoint is made.

Breaking Changes

• Drops support for Node < 10
• No more callbacks, using async/await(promises)
• Removed Axios and changed the API to JwksClient

Changes

Added

• Full JWK/JWS Support #​205 (panva)

Changed

• Simplify request wrapper #​218 (davidpatrick)
• Pins to Node Version 10,12,14 #​212 (davidpatrick)
• Migrate from callbacks to async/await #​222 (davidpatrick)

Migration Guide from v1 to v2

Proxies

The proxy option has been removed from the JwksClient. Support for it was a little spotty through Axios, and we wanted to allow users to have more control over the flow. Now you can specify your proxy by overriding the requestAgent used with an agent with built-in proxy support, or by completely overriding the request library with the fetcher option.

// OLD
const oldClient = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  proxy: 'https://username:pass@address:port'
});

// NEW
const HttpsProxyAgent = require('https-proxy-agent');
const newClient = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  requestAgent: new HttpsProxyAgent('https://username:pass@address:port')
});

Request Agent Options

The library no longer gates what http(s) Agent is used, so we have removed requestAgentOptions and now expose the requestAgent option when creating a jwksClient.

// OLD
const oldClient = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  requestAgentOptions: {
    ca: fs.readFileSync(caFile)
  }
});

// NEW
const newClient = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  requestAgent: new https.Agent({
    ca: fs.readFileSync(caFile)
  })
});

Migrated Callbacks to Async/Await

The library no longer supports callbacks. We have migrated to async/await(promises).

// OLD
client.getSigningKey(kid, (err, key) => {
  const signingKey = key.getPublicKey();
});

// NEW
const key = await client.getSigningKey(kid);
const signingKey = key.getPublicKey();

v1.12.3

Compare Source

Added

• Add alg to SigningKey types #​220 (okko)

Fixed

• Fix npmjs resolves #​221 (adamjmcgrath)
• Fix Import default Axios instance #​216 (dsebastien)

v1.12.2

Compare Source

Fixed

• Added coverage folders to .npmignore

v1.12.1

Compare Source

Security

• Bump Axios to ^0.21.1 #​208 (72636c)

v1.12.0

Compare Source

Added

• Provide an alternative source for supplying keysets #​202 (davidpatrick)

Deprecation
We are deprecating passing in a jwksObject to the client for reasons laid out in #​202. In order to load keys from anything other than the jwksUri, please use the getKeysInterceptor.

  const client = new JwksClient({ 
    jwksUri: 'https://my-enterprise-id-provider/.well-known/jwks.json',
    getKeysInterceptor: (cb) => {
      const file = fs.readFileSync(jwksFile);
      return cb(null, file.keys);
    }
  });

v1.11.0

Compare Source

Added

• Add ability to configure proxy with env vars #​188 (lubomir-haralampiev)

v1.10.1

Compare Source

Fixed

• fix proxy agent for http #​182 (NShahri)
• fix dependencies for --production flag with npm #​180 (alexrqs)

v1.10.0

Compare Source

Added

• getSigningKeys return algorithm #​168 (moander)

Fixed

• Add missing async methods to Typescript type definitions #​163 (mwgamble)
• Fixing proxy on Axios #​176 (davidpatrick)
• Fix caching and rateLimiting on getSigningKeyAsync #​177 (davidpatrick)

v1.9.0

Compare Source

Added

• Add promisified methods to JwksClient #​161 (jimmyjames)
• Update express-jwt ^6.0.0 #​157 (davidpatrick)

Fixed

• Update Buffer initialization to non-deprecated method #​154 (cwardcode)
• Use axios url parameter instead of baseURL #​153 (novascreen)

Security

• Bump lodash from 4.17.15 to 4.17.19 [#​152](https://github.com/auth0/node-jwks

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.