From 814511d4fb56936bba9712521f6921a57e797abc Mon Sep 17 00:00:00 2001
From: L A Romeo
Date: Sat, 1 Nov 2025 11:46:31 +0700
Subject: [PATCH] fix: update jws to 4.0.0 to resolve SlowBuffer deprecation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Dependency chain issue:
- jsonwebtoken → jws 3.2.2 → jwa 1.4.1 → buffer-equal-constant-time
- buffer-equal-constant-time uses SlowBuffer (removed in Node.js 25)
- jwa 1.4.2+ replaced buffer-equal-constant-time with crypto.timingSafeEqual
- jws 4.0.0 includes jwa 2.0.0 which has the fix
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 81f78da..9c73703 100644
--- a/package.json
+++ b/package.json
@@ -36,7 +36,7 @@
 "url": "https://github.com/auth0/node-jsonwebtoken/issues"
 },
 "dependencies": {
- "jws": "^3.2.2",
+ "jws": "^4.0.0",
 "lodash.includes": "^4.3.0",
 "lodash.isboolean": "^3.0.3",
 "lodash.isinteger": "^4.0.4",
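Review bot: The new `"jws": "^4.0.0"` range is a major-version jump in the library that creates and verifies signatures, and the diffstat shows only package.json changing, so nothing in this commit demonstrates that sign/verify behaviour is unchanged. Per the commit message the constant-time comparison moves from buffer-equal-constant-time to `crypto.timingSafeEqual`, which throws on inputs of different length instead of returning false. jwa's code is not visible here, so it is worth adding a regression test that an HMAC token with a truncated or over-long signature is rejected as an invalid signature rather than surfacing a different exception. Please also run the existing suite for every supported algorithm on the oldest Node version the package claims to support, and record any jws 4.x breaking changes in the changelog.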