build(deps): bump jose from 1.28.1 to 4.13.1

[dependabot]

Bumps jose from 1.28.1 to 4.13.1.

Release notes

Sourced from jose's releases.

v4.13.1

Fixes

• workerd: avoid "The script will never generate a response" edge cases completely (96a8c99), closes #355 #509

v4.13.0

Features

• types: allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike (6effa4d)

Fixes

• make jose.EmbeddedJWK arguments optional (20610a9)

v4.12.2

Fixes

• types: declare explicit return from EmbeddedJWK (46934ac)

v4.12.1

Refactor

• clarify when alg is used and required on key imports (19e525f)
• node: have node:crypto deal with x509 parsing (45bb45d)

v4.12.0

Features

• enable key iteration over JWKSMultipleMatchingKeys (a278acd)

const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs'))
const options = {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience',
}
const { payload, protectedHeader } = await jose
.jwtVerify(jwt, JWKS, options)
.catch(async (error) => {
if (error?.code === 'ERR_JWKS_MULTIPLE_MATCHING_KEYS') {
for await (const publicKey of error) {
try {
return await jose.jwtVerify(jwt, publicKey, options)
} catch (innerError) {
if (innerError?.code === 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED') {
continue
}
throw innerError
</tr></table>

... (truncated)

Changelog

Sourced from jose's changelog.

4.13.1 (2023-03-02)

Fixes

• workerd: avoid "The script will never generate a response" edge cases completely (96a8c99), closes #355 #509

4.13.0 (2023-02-27)

Features

• types: allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike (6effa4d)

Fixes

• make jose.EmbeddedJWK arguments optional (20610a9)

4.12.2 (2023-02-27)

Fixes

• types: declare explicit return from EmbeddedJWK (46934ac)

4.12.1 (2023-02-27)

Refactor

• clarify when alg is used and required on key imports (19e525f)
• node: have node:crypto deal with x509 parsing (45bb45d)

4.12.0 (2023-02-15)

Features

• enable key iteration over JWKSMultipleMatchingKeys (a278acd)

4.11.4 (2023-02-07)

Fixes

• build: ignore deno files in npm publishes (b3d6a11)

4.11.3 (2023-02-07)

... (truncated)

Commits

• 5dd892e chore(release): 4.13.1
• 96a8c99 fix(workerd): avoid "The script will never generate a response" edge cases co...
• 2421496 chore: bump dev deps
• ca7a455 ci: remove envinfo, its too slow
• 6f41d07 ci: refactor browserstack.yml to avoid repeating if and building
• d00baf9 ci: add the same nodecondition to browserstack build
• 99eef84 ci: concurrency on build
• 559e74d ci: make build a reusable workflow
• 653a869 ci: limit browserstack concurrency
• 128b3e9 ci,test: separate type tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[ImagineBuildBot]

Scan submitted to Checkmarx

[ImagineBuildBot]

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 70 vulnerabilities
 33 High
 37 Medium
 0 Low
 0 Info

Checkmarx Scan Summary

Severity	Count
High	33
Medium	37
Low	0
Informational	0

Violation Summary

 28 High
 21 Medium

View more details on Checkmarx UI

Cx-SAST Details

Lines	Severity	Category	File	Link
81	Medium	Unchecked_Input_For_Loop_Condition	plugins/catalog-graph/src/components/CatalogGraphPage/useCatalogGraphPage.ts	Checkmarx
172	Medium	Privacy_Violation	plugins/scaffolder-backend/src/service/router.ts	Checkmarx
73	Medium	Privacy_Violation	plugins/todo-backend/src/service/router.ts	Checkmarx
89	Medium	Missing_HSTS_Header	contrib/catalog/ImmediateEntityProvider.ts	Checkmarx
102 121 126 129 130 151 161	Medium	Client_ReDoS_From_Regex_Injection	plugins/catalog-backend-module-bitbucket/src/BitbucketDiscoveryProcessor.ts	Checkmarx
91 116	Medium	Client_ReDoS_From_Regex_Injection	plugins/catalog-backend-module-github/src/GithubDiscoveryProcessor.test.ts	Checkmarx
198 219	Medium	Client_ReDoS_From_Regex_Injection	plugins/catalog-backend-module-bitbucket/src/BitbucketDiscoveryProcessor.test.ts	Checkmarx
104	Medium	Client_ReDoS_From_Regex_Injection	plugins/catalog-backend-module-github/src/GithubDiscoveryProcessor.ts	Checkmarx
168	Medium	Client_Privacy_Violation	packages/integration/src/bitbucket/core.ts	Checkmarx
90	Medium	Client_Privacy_Violation	plugins/auth-backend/src/providers/microsoft/provider.ts	Checkmarx
155	Medium	Client_Privacy_Violation	plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucket.ts	Checkmarx
221	Medium	Client_Privacy_Violation	packages/backend-common/src/scm/git.ts	Checkmarx
149	Medium	Client_HTML5_Store_Sensitive_data_In_Web_Storage	packages/core-app-api/src/lib/AuthSessionManager/AuthSessionStore.ts	Checkmarx
77 100	High	Stored_XSS	plugins/code-coverage-backend/src/service/CodeCoverageDatabase.ts	Checkmarx
44	High	Reflected_XSS	plugins/bazaar-backend/src/service/router.ts	Checkmarx
46 83	High	Reflected_XSS	plugins/jenkins-backend/src/service/router.ts	Checkmarx
48 86	High	Reflected_XSS	plugins/badges-backend/src/service/router.ts	Checkmarx
50	High	Reflected_XSS	plugins/periskop-backend/src/service/router.ts	Checkmarx
335	High	Reflected_XSS	plugins/techdocs-node/src/stages/publish/azureBlobStorage.ts	Checkmarx
372	High	Reflected_XSS	plugins/techdocs-node/src/stages/publish/awsS3.ts	Checkmarx
53 59 65 66 72 73 79 80	High	Reflected_XSS	plugins/rollbar-backend/src/service/router.ts	Checkmarx
40	High	Reflected_XSS	plugins/app-backend/src/lib/assets/createStaticAssetMiddleware.ts	Checkmarx
242	High	Reflected_XSS	plugins/techdocs-node/src/stages/publish/openStackSwift.ts	Checkmarx
108	High	Reflected_XSS	plugins/search-backend/src/service/router.ts	Checkmarx
126 129 130	High	Prototype_Pollution	plugins/catalog-backend-module-bitbucket/src/BitbucketDiscoveryProcessor.ts	Checkmarx
36	High	Insecure_Storage_of_Sensitive_Data	plugins/auth-backend/src/service/standaloneServer.ts	Checkmarx
62	High	Client_DOM_XSS	plugins/git-release-manager/src/hooks/useQueryHandler.ts	Checkmarx
30	High	Client_DOM_XSS	plugins/catalog-backend/src/util/conversion.ts	Checkmarx
64	High	Client_DOM_XSS	plugins/gcp-projects/src/components/ProjectDetailsPage/ProjectDetailsPage.tsx	Checkmarx