fix(deps): update dependency jose to v6 (#1248)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [jose](https://redirect.github.com/panva/jose) | [`^5.9.6` ->
`^6.0.0`](https://renovatebot.com/diffs/npm/jose/5.10.0/6.0.10) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/jose/6.0.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jose/6.0.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jose/5.10.0/6.0.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jose/5.10.0/6.0.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>panva/jose (jose)</summary>

###
[`v6.0.10`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#6010-2025-03-12)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.9...v6.0.10)

##### Refactor

- removed unused claims methods
([74719cf](74719cfcfb))
- reorganize jwt claim set utils
([1f12d88](1f12d88ee8))

###
[`v6.0.9`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#609-2025-03-11)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.8...v6.0.9)

##### Documentation

- add more symbol document, ignore ts-private fields
([8b73687](8b73687595))
- bump typedoc
([6163a8b](6163a8b6a7))
- drop cdnjs links in README
([a910038](a9100383ab))
- drop denoland/x links in README and add jsr
([3662b9e](3662b9ec44))
- fix key export links from docs/README.md
([c8edfc2](c8edfc2941))

##### Refactor

- always assume structuredClone is present
([f7898a9](f7898a9487))
- hide internal private fields and drop ProduceJWT inheritance
([ab18881](ab18881a57))
- less objects when JWE JWT Replicated Header Parameters are used
([c763a0e](c763a0e373))

###
[`v6.0.8`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#608-2025-02-26)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.7...v6.0.8)

##### Fixes

- export \[customFetch] symbol from the default entrypoint
([1615614](1615614964)),
closes [#&#8203;762](https://redirect.github.com/panva/jose/issues/762)

###
[`v6.0.7`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#607-2025-02-25)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.6...v6.0.7)

##### Documentation

- improve generate key/secret and import function descriptions
([cd06359](cd06359597))

##### Fixes

- use \[customFetch] when provided to createRemoteJWKSet
([35f6509](35f6509ff4)),
closes [#&#8203;760](https://redirect.github.com/panva/jose/issues/760)

###
[`v6.0.6`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#606-2025-02-23)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.5...v6.0.6)

##### Refactor

- move base64url around
([e1350ef](e1350eff87))

##### Documentation

- add various exported symbol descriptions
([3b8ff71](3b8ff717ad))
- add various exported symbol descriptions
([fc4e7da](fc4e7dab4c))
- add various exported symbol descriptions
([74f02c8](74f02c833e))
- update base64url function descriptions
([03d72c8](03d72c8a55))

###
[`v6.0.5`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#605-2025-02-23)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.4...v6.0.5)

##### Refactor

- **types:** make JWKParameters.kty compatible with
[@&#8203;types/node](https://redirect.github.com/types/node) and
[@&#8203;types/web](https://redirect.github.com/types/web)
([bb6ccfe](bb6ccfed3e))

##### Documentation

- add various exported symbol descriptions
([f52c2ff](f52c2ff0c3))

###
[`v6.0.4`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#604-2025-02-22)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.3...v6.0.4)

##### Refactor

- optimize base64 with tc39/proposal-arraybuffer-base64
([8a0da69](8a0da6968e)),
closes [#&#8203;752](https://redirect.github.com/panva/jose/issues/752)
- update getSPKI to use crypto.createPublicKey when available
([92392a0](92392a0aa2)),
closes [#&#8203;752](https://redirect.github.com/panva/jose/issues/752)
- use Double HMAC pattern for AES-CBC tag comparison
([f3ba4c7](f3ba4c715f)),
closes [#&#8203;752](https://redirect.github.com/panva/jose/issues/752)

###
[`v6.0.3`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#603-2025-02-22)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.2...v6.0.3)

##### Documentation

- remove root module tag so that README.md shows up on jsr.io
([ee70698](ee7069818b))

###
[`v6.0.2`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#602-2025-02-22)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.1...v6.0.2)

##### Documentation

- add module tags to all entrypoints
([a5687aa](a5687aaed4))

###
[`v6.0.1`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#601-2025-02-22)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v6.0.0...v6.0.1)

##### Fixes

- **types:** update build to include extensions in type imports
([9b96672](9b96672ef7))

###
[`v6.0.0`](https://redirect.github.com/panva/jose/blob/HEAD/CHANGELOG.md#600-2025-02-22)

[Compare
Source](https://redirect.github.com/panva/jose/compare/v5.10.0...v6.0.0)

##### ⚠ BREAKING CHANGES

-   The PEMImportOptions type interface is renamed to KeyImportOptions.
-   all builds and bundles now use ES2022 as target
- createRemoteJWKSet now uses fetch, because of that its Node.js only
options.agent property has been removed and new fetch-related options
were added
-   drop support for Ed448 and X448
- drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and
"deriveKey"
- resolved keys returned as part of verify/decrypt operations (when get
key functions are used) are always normalized to either Uint8Array /
CryptoKey depending on what's more efficient for the executed operation
-   Key "Type" Generics are removed
- CJS-style require is now only possible when require(esm) support is
present in the Node.js runtime
- private KeyObject instances can no longer be used for verify
operations
- private KeyObject instances can no longer be used for encryption
operations
- generateSecret, generateKeyPair, importPKCS8, importSPKI, importJWK,
and importX509 now yield a CryptoKey instead of a KeyObject in Node.js
-   drop support for Node.js 18.x and earlier
- runtime-specific npm releases (jose-browser-runtime,
jose-node-cjs-runtime, and jose-node-esm-runtime) are no longer
maintained or supported
-   removed secp256k1 JWS support
-   removed deprecated experimental APIs
-   removed RSA1\_5 JWE support

##### Features

- enable CryptoKey and KeyObject inputs in JWK thumbprint functions
([6fc9c44](6fc9c4461a))
- JSON Web Key is now an allowed input everywhere
([ebda967](ebda9674e9))

##### Refactor

- always use infered CryptoKey
([c4abaa2](c4abaa265e))
- backport the
[`Ed25519`](https://redirect.github.com/panva/jose/commit/Ed25519) JWS
Algorithm Identifier support
([7a94cb9](7a94cb997a))
- drop support for Ed448 and X448
([2fae1c4](2fae1c447b))
- drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and
"deriveKey"
([ef918be](ef918be8ba))
- ensure export functions continue to work with KeyObject inputs
([28e9e68](28e9e684bb))
- hardcode the cryptoRuntime export since it is now always WebCryptoAPI
([e00f273](e00f2737fd))
- JWK import extractable default for public keys is now true
([64dcebe](64dcebef36))
- PEM import extractable default for public keys is now true
([4e9f114](4e9f1143c7))
- removed deprecated APIs
([5352083](5352083dc6))
- removed secp256k1 JWS support
([e2b58a5](e2b58a5ca5))
- restructure src/lib and src/runtime now that runtime is fixed
([9b236ce](9b236cec4e))
- target is now ES2022 everywhere
([aa590d5](aa590d569f))
- update importJWK args to align with other import functions
([355a2dd](355a2dd33a))
- WebCryptoAPI is now the only crypto used
([161de46](161de466a2))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/unraid/api).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

api/package.json

@@ -106,7 +106,7 @@
         "graphql-ws": "^5.16.0",
         "ini": "^5.0.0",
         "ip": "^2.0.1",
-        "jose": "^5.9.6",
+        "jose": "^6.0.0",
         "lodash-es": "^4.17.21",
         "multi-ini": "^2.3.2",
         "mustache": "^4.2.0",

pnpm-lock.yaml

@@ -189,8 +189,8 @@ importers:
         specifier: ^2.0.1
         version: 2.0.1
       jose:
-        specifier: ^5.9.6
-        version: 5.10.0
+        specifier: ^6.0.0
+        version: 6.0.10
       lodash-es:
         specifier: ^4.17.21
         version: 4.17.21
@@ -7679,6 +7679,9 @@ packages:
   jose@5.10.0:
     resolution: {integrity: sha512-s+3Al/p9g32Iq+oqXxkW//7jk2Vig6FF1CFqzVXoTUXt2qz89YWbL+OwS17NFYEvxC35n0FKeGO2LGYSxeM2Gg==}
 
+  jose@6.0.10:
+    resolution: {integrity: sha512-skIAxZqcMkOrSwjJvplIPYrlXGpxTPnro2/QWTDCxAdWQrSTV5/KqspMWmi5WAx5+ULswASJiZ0a+1B/Lxt9cw==}
+
   joycon@3.1.1:
     resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==}
     engines: {node: '>=10'}
@@ -19629,6 +19632,8 @@ snapshots:
 
   jose@5.10.0: {}
 
+  jose@6.0.10: {}
+
   joycon@3.1.1: {}
 
   js-beautify@1.15.3: