Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: auth0/node-jsonwebtoken
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: e54e53c70ad3fa0d6b54f916ea4a2a2d5a8c47c2
Choose a base ref
...
head repository: auth0/node-jsonwebtoken
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: e1fa9dcc12054a8681db4e6373da1b30cf7016e3
Choose a head ref
45 contributors

Commits on May 13, 2017

  1. maxAge: Fix logic with number + use seconds instead of ms

    @ziluvatar
    ziluvatar committed May 13, 2017
    Copy the full SHA
    b61cc34 View commit details

Commits on Aug 29, 2017

  1. maxAge: Add validation to timespan result

    @ziluvatar
    ziluvatar committed Aug 29, 2017
    Copy the full SHA
    66a4f8b View commit details

Commits on Sep 6, 2017

  1. Remove joi to shrink module size (#348) 

    * Add cost-of-modules report to npm test

Results before any changes

┌─────────────┬────────────┬───────┐
│ name        │ children   │ size  │
├─────────────┼────────────┼───────┤
│ joi         │ 4          │ 3.12M │ <--!!!
├─────────────┼────────────┼───────┤
│ jws         │ 5          │ 0.18M │
├─────────────┼────────────┼───────┤
│ lodash.once │ 0          │ 0.01M │
├─────────────┼────────────┼───────┤
│ ms          │ 0          │ 0.01M │
├─────────────┼────────────┼───────┤
│ xtend       │ 0          │ 0.00M │
├─────────────┼────────────┼───────┤
│ 5 modules   │ 9 children │ 3.32M │
└─────────────┴────────────┴───────┘

* Replace joi with bespoke validator based on lodash

Dramatically reduces the module size without breaking ES5 compatability -

┌──────────────────────┬────────────┬───────┐
│ name                 │ children   │ size  │
├──────────────────────┼────────────┼───────┤
│ jws                  │ 5          │ 0.18M │
├──────────────────────┼────────────┼───────┤
│ lodash.includes      │ 0          │ 0.02M │
├──────────────────────┼────────────┼───────┤
│ lodash.once          │ 0          │ 0.01M │
├──────────────────────┼────────────┼───────┤
│ lodash.isinteger     │ 0          │ 0.01M │
├──────────────────────┼────────────┼───────┤
│ ms                   │ 0          │ 0.01M │
├──────────────────────┼────────────┼───────┤
│ lodash.isplainobject │ 0          │ 0.01M │
├──────────────────────┼────────────┼───────┤
│ xtend                │ 0          │ 0.00M │
├──────────────────────┼────────────┼───────┤
│ lodash.isstring      │ 0          │ 0.00M │
├──────────────────────┼────────────┼───────┤
│ lodash.isboolean     │ 0          │ 0.00M │
├──────────────────────┼────────────┼───────┤
│ lodash.isnumber      │ 0          │ 0.00M │
├──────────────────────┼────────────┼───────┤
│ lodash.isarray       │ 0          │ 0.00M │
├──────────────────────┼────────────┼───────┤
│ 11 modules           │ 5 children │ 0.25M │
└──────────────────────┴────────────┴───────┘

* Enhance validator error messages and add tests
    @chrisprice @ziluvatar
    chrisprice authored and ziluvatar committed Sep 6, 2017
    Copy the full SHA
    2e7e68d View commit details

  2. Reduce size of NPM package (#347)

    @jorrit @ziluvatar
    jorrit authored and ziluvatar committed Sep 6, 2017
    Copy the full SHA
    0be5409 View commit details

  3. verify: remove process.nextTick (#302) 

    running synchronous code asynchronously using process.nextTick
has a negative latency impact
    @ilyapx @ziluvatar
    ilyapx authored and ziluvatar committed Sep 6, 2017
    Copy the full SHA
    3305cf0 View commit details

  4. Merge pull request #349 from ziluvatar/fix-max-age-number-and-seconds 

    maxAge: Fix logic with number + use seconds instead of ms
    @fiddur
    fiddur authored Sep 6, 2017
    Copy the full SHA
    cfc04a9 View commit details

  5. docs: readme, migration notes

    @ziluvatar
    ziluvatar committed Sep 6, 2017
    Copy the full SHA
    12cd8f7 View commit details

  6. Merge pull request #393 from ziluvatar/migration-notes-to-readme 

    docs: readme, migration notes
    @glena
    glena authored Sep 6, 2017
    Copy the full SHA
    2ec3263 View commit details

  7. updated changelog

    @ziluvatar
    ziluvatar committed Sep 6, 2017
    Copy the full SHA
    f38bd8e View commit details

  8. 8.0.0

    @ziluvatar
    ziluvatar committed Sep 6, 2017
    Copy the full SHA
    f313850 View commit details

Commits on Sep 12, 2017

  1. Remove lodash.isarray dependency (#394)

    @chmelevskij @ziluvatar
    chmelevskij authored and ziluvatar committed Sep 12, 2017
    Copy the full SHA
    7508e89 View commit details

  2. update changelog

    @ziluvatar
    ziluvatar committed Sep 12, 2017
    Copy the full SHA
    71e900d View commit details

  3. 8.0.1

    @ziluvatar
    ziluvatar committed Sep 12, 2017
    Copy the full SHA
    bb39501 View commit details

Commits on Sep 15, 2017

  1. Fix typo in 'options.header' reference; Update Buffer() example to us… 

    …e recommended method (#380)
    @ziluvatar
    oughter authored and ziluvatar committed Sep 15, 2017
    Copy the full SHA
    128a9e1 View commit details

Commits on Oct 9, 2017

  1. #385: Tweak README (#408) 

    * #385: Tweak README

* #385 Further wording tweaks for consistency.
    @aldermoovel @ziluvatar
    aldermoovel authored and ziluvatar committed Oct 9, 2017
    Copy the full SHA
    d3f996b View commit details

  2. #402: Don't fail if captureStackTrace is not a function (#410)

    @aldermoovel @ziluvatar
    aldermoovel authored and ziluvatar committed Oct 9, 2017
    Copy the full SHA
    77ee965 View commit details

  3. Enhance audience check to verify against regular expressions (#398) 

    * Enhance audience check to verify against regular expressions

* Enhance audience check to verify against regular expressions

* Adapted README to have a showcase of the new RegExp-check for the audience validation
    @TheBusCantSwim @ziluvatar
    TheBusCantSwim authored and ziluvatar committed Oct 9, 2017
    Copy the full SHA
    81501a1 View commit details

  4. #403: Clarify error wording. (#409) 

    * #403: Clarify error wording.

* #403: Improve wording for payload vs options
    @aldermoovel @ziluvatar
    aldermoovel authored and ziluvatar committed Oct 9, 2017
    Copy the full SHA
    bb27eb3 View commit details

  5. update changelog

    @ziluvatar
    ziluvatar committed Oct 9, 2017
    Copy the full SHA
    5c08f65 View commit details

  6. 8.1.0

    @ziluvatar
    ziluvatar committed Oct 9, 2017
    Copy the full SHA
    efa517a View commit details

Commits on Nov 17, 2017

  1. Minor typo (#424)

    @ziluvatar
    Harkirat Singh authored and ziluvatar committed Nov 17, 2017
    Copy the full SHA
    dddcb73 View commit details

Commits on Jan 10, 2018

  1. add newer node versions to build matrix (#428) 

    * add newer node versions to build matrix

* Dont test for node 9

Its not stable and seems to fail on travis
    @DanielMSchmidt @ziluvatar
    DanielMSchmidt authored and ziluvatar committed Jan 10, 2018
    Copy the full SHA
    83f3eee View commit details

Commits on Jan 19, 2018

  1. Bump ms version to add support for negative numbers (#438)

    @MitMaro @ziluvatar
    MitMaro authored and ziluvatar committed Jan 19, 2018
    Copy the full SHA
    25e0e62 View commit details

  2. Not Before (nbf) calculated based on iat/timestamp (#437) 

    fix #435
    @MitMaro @ziluvatar
    MitMaro authored and ziluvatar committed Jan 19, 2018
    Copy the full SHA
    2764a64 View commit details

Commits on Jan 22, 2018

  1. update changelog

    @ziluvatar
    ziluvatar committed Jan 22, 2018
    Copy the full SHA
    d265cf1 View commit details

  2. 8.1.1

    @ziluvatar
    ziluvatar committed Jan 22, 2018
    Copy the full SHA
    7b0a010 View commit details

Commits on Mar 2, 2018

  1. Add a new mutatePayload option (#446) 

    This option allows you to keep a reference to the raw token payload after claims have been applied to it but before it has been encoded.
    @jondubois @ziluvatar
    jondubois authored and ziluvatar committed Mar 2, 2018
    Copy the full SHA
    d6d7c5e View commit details

  2. update changelog

    @ziluvatar
    ziluvatar committed Mar 2, 2018
    Copy the full SHA
    c86a093 View commit details

  3. 8.2.0

    @ziluvatar
    ziluvatar committed Mar 2, 2018
    Copy the full SHA
    dee583a View commit details

  4. Clarify that buffer/string payloads must be JSON (#442) 

    It does kinda go without saying that JWTs (_JSON_ Web Tokens) need to contain JSON but it's worth mentioning that signing doesn't check your payload.  In some unit tests I was writing where the payload was a dummy (non-JSON parsable) string, JWTs were being signed okay but they're not valid according to the spec.
    @davidjb @ziluvatar
    davidjb authored and ziluvatar committed Mar 2, 2018
    1
    Copy the full SHA
    e8ac1be View commit details

Commits on Apr 5, 2018

  1. Check payload is not null when decoded. (#444) 

    * Check payload is not null when decoded.
Fixed "Cannot read property 'nbf' of null"

* Condition on obj !== null for clarity

* Added test for decoding null token
    @Gp2mv3 @ziluvatar
    Gp2mv3 authored and ziluvatar committed Apr 5, 2018
    Copy the full SHA
    1232ae9 View commit details

  2. update changelog

    @ziluvatar
    ziluvatar committed Apr 5, 2018
    Copy the full SHA
    7a9954a View commit details

  3. 8.2.1

    @ziluvatar
    ziluvatar committed Apr 5, 2018
    Copy the full SHA
    092d55a View commit details

Commits on Apr 26, 2018

  1. Update README.md (#461)

    @joshunger @ziluvatar
    joshunger authored and ziluvatar committed Apr 26, 2018
    Copy the full SHA
    f0e0954 View commit details

Commits on May 22, 2018

  1. fix ci execution, remove not needed script (#472)

    @ziluvatar @jfromaniello
    ziluvatar authored and jfromaniello committed May 22, 2018
    Copy the full SHA
    c8ff7b2 View commit details

Commits on May 23, 2018

  1. add some clarifications (#473)

    @ziluvatar @jstrutz
    ziluvatar authored and jstrutz committed May 23, 2018
    Copy the full SHA
    cd33cc8 View commit details

Commits on May 30, 2018

  1. deps: jws@3.1.5 (#477) 

    Update 'jws' dependency to latest to fix a security issue
    @ziluvatar @lbalmaceda
    ziluvatar authored and lbalmaceda committed May 30, 2018
    Copy the full SHA
    ebde9b7 View commit details

  2. update changelog

    @ziluvatar
    ziluvatar committed May 30, 2018
    Copy the full SHA
    5e3e396 View commit details

  3. 8.2.2

    @ziluvatar
    ziluvatar committed May 30, 2018
    Copy the full SHA
    73c4a5a View commit details

Commits on Jun 11, 2018

  1. Secret callback revisited (#480) 

    * Introduction of the secret callback

Without the more contentious 'none'-changes

* Removed some spaces...

I should really add a editor.config and eslint to this project ;-)

* Removed xtend as a dependency, as the native Object.Assign can do this as well

* Removed xtend as a dependency, as the native Object.Assign can do this as well

* Resolve feedback from review

* Added extra test and fixed the associated bug

* The return of the header

* Forgot to change this one as well... Sorry bout that

* Updated the readme and made the if-statements consistent

* Space; The final frontier
    @JacoKoster @ziluvatar
    JacoKoster authored and ziluvatar committed Jun 11, 2018
    Copy the full SHA
    d01cc7b View commit details

  2. update changelog

    @ziluvatar
    ziluvatar committed Jun 11, 2018
    Copy the full SHA
    969813f View commit details

  3. 8.3.0

    @ziluvatar
    ziluvatar committed Jun 11, 2018
    Copy the full SHA
    ad98358 View commit details

Commits on Jun 16, 2018

  1. Added Istanbul to check test-coverage (#468) 

    * Added Istanbul to check test-coverage

* node_modules_bak is generated and automatically removed by cost-of-modules and isn't needed in the ignore.
    @JacoKoster @ziluvatar
    JacoKoster authored and ziluvatar committed Jun 16, 2018
    Copy the full SHA
    9676a83 View commit details

  2. Use lolex for faking date in tests (#491) 

    Sinon.JS provides a project called lolex to handle faking dates. This
change replaces the fakeDate utility with the equivalent Sinon.JS code.
    @MitMaro @ziluvatar
    MitMaro authored and ziluvatar committed Jun 16, 2018
    Copy the full SHA
    677ead6 View commit details

Commits on Jun 25, 2018

  1. Complete ESLint conversion and cleanup (#490) 

    * Add extension to ESLint config file

The .eslintrc file without an extension was deprecated a few years ago,
so this change renames the file to add the required extension.

See: eslint/eslint@c9a8883

* Add ESLint to package.json

This change adds ESLint as a dev-dependency and adds a lint script that
will run ESLint.

* Complete switch from JSHint to ESLint

Convert all the JSHint rules to the ESLint equivalents where possible.
The no-undef rule in ESLint caught a few cases of undefined usages in
the tests, so they were also fixed.

* Add a .eslintignore file

The HTML coverage report is currently being linted, which causes a lot
if invalid linting errors. This change adds a ignore file to ensure these
files are properly skipped during linting.
    @MitMaro @ziluvatar
    MitMaro authored and ziluvatar committed Jun 25, 2018
    Copy the full SHA
    cb1d2e1 View commit details

  2. Make code-coverage mandatory when running tests (#495) 

    * Made code-coverage mandatory when running the tests.

* Missed the trailing-comma...
    @JacoKoster @ziluvatar
    JacoKoster authored and ziluvatar committed Jun 25, 2018
    Copy the full SHA
    fb0084a View commit details

Commits on Jun 27, 2018

  1. Refactor tests related to notBefore and nbf (#497) 

    This change extracts all tests in the current files related to notBefore
and nbf into a single test file. It also adds several missing related
tests.
    @MitMaro @ziluvatar
    MitMaro authored and ziluvatar committed Jun 27, 2018
    Copy the full SHA
    39adf87 View commit details

Commits on Jul 6, 2018

  1. Refactor tests related to expiresIn and exp (#501) 

    This change extracts all tests in the current test files related
to expiresIn and exp into a single test file. It also adds several
missing tests.
    @MitMaro @ziluvatar
    MitMaro authored and ziluvatar committed Jul 6, 2018
    Copy the full SHA
    72f0d9e View commit details

Commits on Jul 12, 2018

  1. Refactor tests related to audience and aud (#503) 

    This change extracts all tests in the existing test files related to
audience and aud into a single test file. Several other tests are also
added that were missing from the existing files.
    @MitMaro @ziluvatar
    MitMaro authored and ziluvatar committed Jul 12, 2018
    Copy the full SHA
    53d405e View commit details

Commits on Jul 20, 2018

  1. Minor test refactoring for recently added tests (#504) 

    * Prefix claim- to claim related test files

* Fix typo of "signWithNoBfore" in notBefore tests
    @MitMaro @ziluvatar
    MitMaro authored and ziluvatar committed Jul 20, 2018
    Copy the full SHA
    e2860a9 View commit details
Showing with 4,034 additions and 936 deletions.
  1. +47 −0 .circleci/config.yml
  2. +3 −0 .editorconfig
  3. +2 −0 .eslintignore
  4. +23 −0 .eslintrc.json
  5. +18 −0 .github/workflows/semgrep.yml
  6. +3 −1 .gitignore
  7. +0 −22 .jshintrc
  8. +0 −8 .travis.yml
  9. +146 −0 CHANGELOG.md
  10. +131 −42 README.md
  11. +1 −1 decode.js
  12. +5 −1 index.js
  13. +4 −2 lib/JsonWebTokenError.js
  14. +3 −0 lib/asymmetricKeyDetailsSupported.js
  15. +3 −0 lib/psSupported.js
  16. +3 −0 lib/rsaPssKeyDetailsSupported.js
  17. +66 −0 lib/validateAsymmetricKey.js
  18. +6 −0 opslevel.yml
  19. +39 −14 package.json
  20. +141 −50 sign.js
  21. +5 −0 test/.eslintrc.json
  22. +59 −8 test/async_sign.tests.js
  23. +436 −0 test/claim-aud.test.js
  24. +343 −0 test/claim-exp.test.js
  25. +276 −0 test/claim-iat.test.js
  26. +205 −0 test/claim-iss.test.js
  27. +155 −0 test/claim-jti.test.js
  28. +339 −0 test/claim-nbf.test.js
  29. +73 −0 test/claim-private.tests.js
  30. +153 −0 test/claim-sub.tests.js
  31. +11 −0 test/decoding.tests.js
  32. +36 −0 test/dsa-private.pem
  33. +36 −0 test/dsa-public.pem
  34. +0 −41 test/expires_format.tests.js
  35. +97 −0 test/header-kid.test.js
  36. +0 −22 test/iat.tests.js
  37. +1 −2 test/invalid_exp.tests.js
  38. +0 −15 test/issue_196.tests.js
  39. +5 −5 test/issue_304.tests.js
  40. +68 −309 test/jwt.asymmetric_signing.tests.js
  41. +38 −12 test/jwt.hs.tests.js
  42. +39 −0 test/jwt.malicious.tests.js
  43. +0 −9 test/keyid.tests.js
  44. +0 −15 test/non_object_values.tests.js
  45. +53 −0 test/option-complete.test.js
  46. +70 −0 test/option-maxAge.test.js
  47. +57 −0 test/option-nonce.test.js
  48. +5 −0 test/prime256v1-private.pem
  49. +29 −0 test/rsa-pss-invalid-salt-length-private.pem
  50. +29 −0 test/rsa-pss-private.pem
  51. +33 −2 test/rsa-public-key.tests.js
  52. +76 −0 test/schema.tests.js
  53. +6 −0 test/secp384r1-private.pem
  54. +7 −0 test/secp521r1-private.pem
  55. +125 −0 test/test-utils.js
  56. +0 −1 test/undefined_secretOrPublickey.tests.js
  57. +0 −32 test/util/fakeDate.js
  58. +142 −0 test/validateAsymmetricKey.tests.js
  59. +186 −218 test/verify.tests.js
  60. +11 −0 test/wrong_alg.tests.js
  61. +186 −104 verify.js
47 changes: 47 additions & 0 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
version: 2.1

# Thanks to https://github.com/teppeis-sandbox/circleci2-multiple-node-versions

commands:
test-nodejs:
steps:
- run:
name: Versions
command: npm version
- checkout
- run:
name: Install dependencies
command: npm install
- run:
name: Test
command: npm test

jobs:
node-v12:
docker:
- image: node:12
steps:
- test-nodejs
node-v14:
docker:
- image: node:14
steps:
- test-nodejs
node-v16:
docker:
- image: node:16
steps:
- test-nodejs
node-v18:
docker:
- image: node:18
steps:
- test-nodejs

workflows:
node-multi-build:
jobs:
- node-v12
- node-v14
- node-v16
- node-v18
3 changes: 3 additions & 0 deletions .editorconfig
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
[*]
indent_style = space
indent_size = 2
2 changes: 2 additions & 0 deletions .eslintignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
.nyc_output/
coverage/
23 changes: 23 additions & 0 deletions .eslintrc.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
{
"root": true,
"parserOptions": {
"ecmaVersion": 6
},
"env": {
"es6": true,
"node": true
},
"rules": {
"comma-style": "error",
"dot-notation": "error",
"indent": ["error", 2],
"no-control-regex": "error",
"no-div-regex": "error",
"no-eval": "error",
"no-implied-eval": "error",
"no-invalid-regexp": "error",
"no-trailing-spaces": "error",
"no-undef": "error",
"no-unused-vars": "error"
}
}
18 changes: 18 additions & 0 deletions .github/workflows/semgrep.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Semgrep

on:
pull_request_target: {}
push:
branches: ["master", "main"]
jobs:
semgrep:
name: Scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
steps:
- uses: actions/checkout@v3
- run: semgrep ci
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
4 changes: 3 additions & 1 deletion .gitignore
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
node_modules
.DS_Store
.DS_Store
.nyc_output
coverage
22 changes: 0 additions & 22 deletions .jshintrc
View file

This file was deleted.

8 changes: 0 additions & 8 deletions .travis.yml
View file

This file was deleted.

146 changes: 146 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -4,6 +4,152 @@
All notable changes to this project will be documented in this file starting from version **v4.0.0**.
This project adheres to [Semantic Versioning](http://semver.org/).

## 9.0.0 - 2022-12-21

**Breaking changes: See [Migration from v8 to v9](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)**

### Breaking changes

- Removed support for Node versions 11 and below.
- The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)
- RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)
- Key types must be valid for the signing / verification algorithm

### Security fixes

- security: fixes `Arbitrary File Write via verify function` - CVE-2022-23529
- security: fixes `Insecure default algorithm in jwt.verify() could lead to signature validation bypass` - CVE-2022-23540
- security: fixes `Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC` - CVE-2022-23541
- security: fixes `Unrestricted key type could lead to legacy keys usage` - CVE-2022-23539

## 8.5.1 - 2019-03-18

### Bug fix

- fix: ensure correct PS signing and verification (#585) ([e5874ae428ffc0465e6bd4e660f89f78b56a74a6](https://github.com/auth0/node-jsonwebtoken/commit/e5874ae428ffc0465e6bd4e660f89f78b56a74a6)), closes [#585](https://github.com/auth0/node-jsonwebtoken/issues/585)

### Docs

- README: fix markdown for algorithms table ([84e03ef70f9c44a3aef95a1dc122c8238854f683](https://github.com/auth0/node-jsonwebtoken/commit/84e03ef70f9c44a3aef95a1dc122c8238854f683))

## 8.5.0 - 2019-02-20

### New Functionality

- feat: add PS JWA support for applicable node versions (#573) ([eefb9d9c6eec54718fa6e41306bda84788df7bec](https://github.com/auth0/node-jsonwebtoken/commit/eefb9d9c6eec54718fa6e41306bda84788df7bec)), closes [#573](https://github.com/auth0/node-jsonwebtoken/issues/573)
- Add complete option in jwt.verify (#522) ([8737789dd330cf9e7870f4df97fd52479adbac22](https://github.com/auth0/node-jsonwebtoken/commit/8737789dd330cf9e7870f4df97fd52479adbac22)), closes [#522](https://github.com/auth0/node-jsonwebtoken/issues/522)

### Test Improvements

- Add tests for private claims in the payload (#555) ([5147852896755dc1291825e2e40556f964411fb2](https://github.com/auth0/node-jsonwebtoken/commit/5147852896755dc1291825e2e40556f964411fb2)), closes [#555](https://github.com/auth0/node-jsonwebtoken/issues/555)
- Force use_strict during testing (#577) ([7b60c127ceade36c33ff33be066e435802001c94](https://github.com/auth0/node-jsonwebtoken/commit/7b60c127ceade36c33ff33be066e435802001c94)), closes [#577](https://github.com/auth0/node-jsonwebtoken/issues/577)
- Refactor tests related to jti and jwtid (#544) ([7eebbc75ab89e01af5dacf2aae90fe05a13a1454](https://github.com/auth0/node-jsonwebtoken/commit/7eebbc75ab89e01af5dacf2aae90fe05a13a1454)), closes [#544](https://github.com/auth0/node-jsonwebtoken/issues/544)
- ci: remove nsp from tests (#569) ([da8f55c3c7b4dd0bfc07a2df228500fdd050242a](https://github.com/auth0/node-jsonwebtoken/commit/da8f55c3c7b4dd0bfc07a2df228500fdd050242a)), closes [#569](https://github.com/auth0/node-jsonwebtoken/issues/569)

### Docs

- Fix 'cert' token which isn't a cert (#554) ([0c24fe68cd2866cea6322016bf993cd897fefc98](https://github.com/auth0/node-jsonwebtoken/commit/0c24fe68cd2866cea6322016bf993cd897fefc98)), closes [#554](https://github.com/auth0/node-jsonwebtoken/issues/554)


## 8.4.0 - 2018-11-14

### New Functionality

- Add verify option for nonce validation (#540) ([e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0](https://github.com/auth0/node-jsonwebtoken/commit/e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0)), closes [#540](https://github.com/auth0/node-jsonwebtoken/issues/540)

### Bug Fixes

- Updating Node version in Engines spec in package.json (#528) ([cfd1079305170a897dee6a5f55039783e6ee2711](https://github.com/auth0/node-jsonwebtoken/commit/cfd1079305170a897dee6a5f55039783e6ee2711)), closes [#528](https://github.com/auth0/node-jsonwebtoken/issues/528) [#509](https://github.com/auth0/node-jsonwebtoken/issues/509)
- Fixed error message when empty string passed as expiresIn or notBefore option (#531) ([7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76](https://github.com/auth0/node-jsonwebtoken/commit/7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76)), closes [#531](https://github.com/auth0/node-jsonwebtoken/issues/531)

### Docs

- Update README.md (#527) ([b76f2a80f5229ee5cde321dd2ff14aa5df16d283](https://github.com/auth0/node-jsonwebtoken/commit/b76f2a80f5229ee5cde321dd2ff14aa5df16d283)), closes [#527](https://github.com/auth0/node-jsonwebtoken/issues/527)
- Update README.md (#538) ([1956c4006472fd285b8a85074257cbdbe9131cbf](https://github.com/auth0/node-jsonwebtoken/commit/1956c4006472fd285b8a85074257cbdbe9131cbf)), closes [#538](https://github.com/auth0/node-jsonwebtoken/issues/538)
- Edited the README.md to make certain parts of the document for the api easier to read, emphasizing the examples. (#548) ([dc89a641293d42f72ecfc623ce2eabc33954cb9d](https://github.com/auth0/node-jsonwebtoken/commit/dc89a641293d42f72ecfc623ce2eabc33954cb9d)), closes [#548](https://github.com/auth0/node-jsonwebtoken/issues/548)
- Document NotBeforeError (#529) ([29cd654b956529e939ae8f8c30b9da7063aad501](https://github.com/auth0/node-jsonwebtoken/commit/29cd654b956529e939ae8f8c30b9da7063aad501)), closes [#529](https://github.com/auth0/node-jsonwebtoken/issues/529)

### Test Improvements

- Use lolex for faking date in tests (#491) ([677ead6d64482f2067b11437dda07309abe73cfa](https://github.com/auth0/node-jsonwebtoken/commit/677ead6d64482f2067b11437dda07309abe73cfa)), closes [#491](https://github.com/auth0/node-jsonwebtoken/issues/491)
- Update dependencies used for running tests (#518) ([5498bdc4865ffb2ba2fd44d889fad7e83873bb33](https://github.com/auth0/node-jsonwebtoken/commit/5498bdc4865ffb2ba2fd44d889fad7e83873bb33)), closes [#518](https://github.com/auth0/node-jsonwebtoken/issues/518)
- Minor test refactoring for recently added tests (#504) ([e2860a9d2a412627d79741a95bc7159971b923b9](https://github.com/auth0/node-jsonwebtoken/commit/e2860a9d2a412627d79741a95bc7159971b923b9)), closes [#504](https://github.com/auth0/node-jsonwebtoken/issues/504)
- Create and implement async/sync test helpers (#523) ([683d8a9b31ad6327948f84268bd2c8e4350779d1](https://github.com/auth0/node-jsonwebtoken/commit/683d8a9b31ad6327948f84268bd2c8e4350779d1)), closes [#523](https://github.com/auth0/node-jsonwebtoken/issues/523)
- Refactor tests related to audience and aud (#503) ([53d405e0223cce7c83cb51ecf290ca6bec1e9679](https://github.com/auth0/node-jsonwebtoken/commit/53d405e0223cce7c83cb51ecf290ca6bec1e9679)), closes [#503](https://github.com/auth0/node-jsonwebtoken/issues/503)
- Refactor tests related to expiresIn and exp (#501) ([72f0d9e5b11a99082250665d1200c58182903fa6](https://github.com/auth0/node-jsonwebtoken/commit/72f0d9e5b11a99082250665d1200c58182903fa6)), closes [#501](https://github.com/auth0/node-jsonwebtoken/issues/501)
- Refactor tests related to iat and maxAge (#507) ([877bd57ab2aca9b7d230805b21f921baed3da169](https://github.com/auth0/node-jsonwebtoken/commit/877bd57ab2aca9b7d230805b21f921baed3da169)), closes [#507](https://github.com/auth0/node-jsonwebtoken/issues/507)
- Refactor tests related to iss and issuer (#543) ([0906a3fa80f52f959ac1b6343d3024ce5c7e9dea](https://github.com/auth0/node-jsonwebtoken/commit/0906a3fa80f52f959ac1b6343d3024ce5c7e9dea)), closes [#543](https://github.com/auth0/node-jsonwebtoken/issues/543)
- Refactor tests related to kid and keyid (#545) ([88645427a0adb420bd3e149199a2a6bf1e17277e](https://github.com/auth0/node-jsonwebtoken/commit/88645427a0adb420bd3e149199a2a6bf1e17277e)), closes [#545](https://github.com/auth0/node-jsonwebtoken/issues/545)
- Refactor tests related to notBefore and nbf (#497) ([39adf87a6faef3df984140f88e6724ddd709fd89](https://github.com/auth0/node-jsonwebtoken/commit/39adf87a6faef3df984140f88e6724ddd709fd89)), closes [#497](https://github.com/auth0/node-jsonwebtoken/issues/497)
- Refactor tests related to subject and sub (#505) ([5a7fa23c0b4ac6c25304dab8767ef840b43a0eca](https://github.com/auth0/node-jsonwebtoken/commit/5a7fa23c0b4ac6c25304dab8767ef840b43a0eca)), closes [#505](https://github.com/auth0/node-jsonwebtoken/issues/505)
- Implement async/sync tests for exp claim (#536) ([9ae3f207ac64b7450ea0a3434418f5ca58d8125e](https://github.com/auth0/node-jsonwebtoken/commit/9ae3f207ac64b7450ea0a3434418f5ca58d8125e)), closes [#536](https://github.com/auth0/node-jsonwebtoken/issues/536)
- Implement async/sync tests for nbf claim (#537) ([88bc965061ed65299a395f42a100fb8f8c3c683e](https://github.com/auth0/node-jsonwebtoken/commit/88bc965061ed65299a395f42a100fb8f8c3c683e)), closes [#537](https://github.com/auth0/node-jsonwebtoken/issues/537)
- Implement async/sync tests for sub claim (#534) ([342b07bb105a35739eb91265ba5b9dd33c300fc6](https://github.com/auth0/node-jsonwebtoken/commit/342b07bb105a35739eb91265ba5b9dd33c300fc6)), closes [#534](https://github.com/auth0/node-jsonwebtoken/issues/534)
- Implement async/sync tests for the aud claim (#535) ([1c8ff5a68e6da73af2809c9d87faaf78602c99bb](https://github.com/auth0/node-jsonwebtoken/commit/1c8ff5a68e6da73af2809c9d87faaf78602c99bb)), closes [#535](https://github.com/auth0/node-jsonwebtoken/issues/535)

### CI

- Added Istanbul to check test-coverage (#468) ([9676a8306428a045e34c3987bd0680fb952b44e3](https://github.com/auth0/node-jsonwebtoken/commit/9676a8306428a045e34c3987bd0680fb952b44e3)), closes [#468](https://github.com/auth0/node-jsonwebtoken/issues/468)
- Complete ESLint conversion and cleanup (#490) ([cb1d2e1e40547f7ecf29fa6635041df6cbba7f40](https://github.com/auth0/node-jsonwebtoken/commit/cb1d2e1e40547f7ecf29fa6635041df6cbba7f40)), closes [#490](https://github.com/auth0/node-jsonwebtoken/issues/490)
- Make code-coverage mandatory when running tests (#495) ([fb0084a78535bfea8d0087c0870e7e3614a2cbe5](https://github.com/auth0/node-jsonwebtoken/commit/fb0084a78535bfea8d0087c0870e7e3614a2cbe5)), closes [#495](https://github.com/auth0/node-jsonwebtoken/issues/495)


## 8.3.0 - 2018-06-11

- docs: add some clarifications (#473) ([cd33cc81f06068b9df6c224d300dc6f70d8904ab](https://github.com/auth0/node-jsonwebtoken/commit/cd33cc81f06068b9df6c224d300dc6f70d8904ab)), closes [#473](https://github.com/auth0/node-jsonwebtoken/issues/473)
- ci: fix ci execution, remove not needed script (#472) ([c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5](https://github.com/auth0/node-jsonwebtoken/commit/c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5)), closes [#472](https://github.com/auth0/node-jsonwebtoken/issues/472)
- new feature: Secret callback revisited (#480) ([d01cc7bcbdeb606d997a580f967b3169fcc622ba](https://github.com/auth0/node-jsonwebtoken/commit/d01cc7bcbdeb606d997a580f967b3169fcc622ba)), closes [#480](https://github.com/auth0/node-jsonwebtoken/issues/480)
- docs:Update README.md (#461) ([f0e0954505f274da95a8d9603598e455b4d2c894](https://github.com/auth0/node-jsonwebtoken/commit/f0e0954505f274da95a8d9603598e455b4d2c894)), closes [#461](https://github.com/auth0/node-jsonwebtoken/issues/461)


## 8.2.2 - 2018-05-30

- security: deps: jws@3.1.5 (#477) ([ebde9b7cc75cb7ab5176de7ebc4a1d6a8f05bd51](https://github.com/auth0/node-jsonwebtoken/commit/ebde9b7cc75cb7ab5176de7ebc4a1d6a8f05bd51)), closes [#465](https://github.com/auth0/node-jsonwebtoken/issues/465)
- docs: add some clarifications (#473) ([cd33cc81f06068b9df6c224d300dc6f70d8904ab](https://github.com/auth0/node-jsonwebtoken/commit/cd33cc81f06068b9df6c224d300dc6f70d8904ab)), closes [#473](https://github.com/auth0/node-jsonwebtoken/issues/473)
- ci: fix ci execution, remove not needed script (#472) ([c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5](https://github.com/auth0/node-jsonwebtoken/commit/c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5)), closes [#472](https://github.com/auth0/node-jsonwebtoken/issues/472)
- docs: Update README.md (#461) ([f0e0954505f274da95a8d9603598e455b4d2c894](https://github.com/auth0/node-jsonwebtoken/commit/f0e0954505f274da95a8d9603598e455b4d2c894)), closes [#461](https://github.com/auth0/node-jsonwebtoken/issues/461)


## 8.2.1 - 2018-04-05

- bug fix: Check payload is not null when decoded. (#444) ([1232ae9352ce5fd1ca6c593291ce6ad0834a1ff5](https://github.com/auth0/node-jsonwebtoken/commit/1232ae9352ce5fd1ca6c593291ce6ad0834a1ff5))
- docs: Clarify that buffer/string payloads must be JSON (#442) ([e8ac1be7565a3fd986d40cb5e31a9f6c4d9aed1b](https://github.com/auth0/node-jsonwebtoken/commit/e8ac1be7565a3fd986d40cb5e31a9f6c4d9aed1b))


## 8.2.0 - 2018-03-02

- Add a new mutatePayload option (#446) ([d6d7c5e5103f05a92d3633ac190d3025a0455be0](https://github.com/auth0/node-jsonwebtoken/commit/d6d7c5e5103f05a92d3633ac190d3025a0455be0))


## 8.1.1 - 2018-01-22

- ci: add newer node versions to build matrix (#428) ([83f3eee44e122da06f812d7da4ace1fa26c24d9d](https://github.com/auth0/node-jsonwebtoken/commit/83f3eee44e122da06f812d7da4ace1fa26c24d9d))
- deps: Bump ms version to add support for negative numbers (#438) ([25e0e624545eaef76f3c324a134bf103bc394724](https://github.com/auth0/node-jsonwebtoken/commit/25e0e624545eaef76f3c324a134bf103bc394724))
- docs: Minor typo (#424) ([dddcb73ac05de11b81feeb629f6cf78dd03d2047](https://github.com/auth0/node-jsonwebtoken/commit/dddcb73ac05de11b81feeb629f6cf78dd03d2047))
- bug fix: Not Before (nbf) calculated based on iat/timestamp (#437) ([2764a64908d97c043d62eba0bf6c600674f9a6d6](https://github.com/auth0/node-jsonwebtoken/commit/2764a64908d97c043d62eba0bf6c600674f9a6d6)), closes [#435](https://github.com/auth0/node-jsonwebtoken/issues/435)


## 8.1.0 - 2017-10-09

- #402: Don't fail if captureStackTrace is not a function (#410) ([77ee965d9081faaf21650f266399f203f69533c5](https://github.com/auth0/node-jsonwebtoken/commit/77ee965d9081faaf21650f266399f203f69533c5))
- #403: Clarify error wording for "Expected object" error. (#409) ([bb27eb346f0ff675a320b2de16b391a7cfeadc58](https://github.com/auth0/node-jsonwebtoken/commit/bb27eb346f0ff675a320b2de16b391a7cfeadc58))
- Enhance audience check to verify against regular expressions (#398) ([81501a17da230af7b74a3f7535ab5cd3a19c8315](https://github.com/auth0/node-jsonwebtoken/commit/81501a17da230af7b74a3f7535ab5cd3a19c8315))


## 8.0.1 - 2017-09-12

- Remove `lodash.isarray` dependency (#394) ([7508e8957cb1c778f72fa9a363a7b135b3c9c36d](https://github.com/auth0/node-jsonwebtoken/commit/7508e8957cb1c778f72fa9a363a7b135b3c9c36d))

## 8.0.0 - 2017-09-06

**Breaking changes: See [Migration notes from v7](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v7-to-v8)**

- docs: readme, migration notes ([12cd8f7f47224f904f6b8f39d1dee73775de4f6f](https://github.com/auth0/node-jsonwebtoken/commit/12cd8f7f47224f904f6b8f39d1dee73775de4f6f))
- verify: remove process.nextTick (#302) ([3305cf04e3f674b9fb7e27c9b14ddd159650ff82](https://github.com/auth0/node-jsonwebtoken/commit/3305cf04e3f674b9fb7e27c9b14ddd159650ff82))
- Reduce size of NPM package (#347) ([0be5409ac6592eeaae373dce91ec992fa101bd8a](https://github.com/auth0/node-jsonwebtoken/commit/0be5409ac6592eeaae373dce91ec992fa101bd8a))
- Remove joi to shrink module size (#348) ([2e7e68dbd59e845cdd940afae0a296f48438445f](https://github.com/auth0/node-jsonwebtoken/commit/2e7e68dbd59e845cdd940afae0a296f48438445f))
- maxAge: Add validation to timespan result ([66a4f8b996c8357727ce62a84605a005b2f5eb18](https://github.com/auth0/node-jsonwebtoken/commit/66a4f8b996c8357727ce62a84605a005b2f5eb18))

## 7.4.3 - 2017-08-17

- Fix breaking change on 7.4.2 for empty secret + "none" algorithm (sync code style) ([PR 386](https://github.com/auth0/node-jsonwebtoken/pull/386))
Loading