Releases: auth0/node-jws

v4.0.1

04 Dec 09:00
34c45b2

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require
    that a non-empty secret is provided (via opts.secret, opts.privateKey or opts.key)
    when using HMAC algorithms.
  • Upgrading JWA version to 2.0.1, addressing a compatibility issue for Node >= 25.

v3.2.3

04 Dec 09:03
4f6e73f

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require
    that a non-empty secret is provided (via opts.secret, opts.privateKey or opts.key)
    when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.

v4.0.0

17 Dec 02:41
v4.0.0
1389f6d

* [MAJOR]: jwa was updated and now matches algorithm names
  case-sensitively. Should a jws header have an alg such as "es256"
  instead of the IANA registered "ES256" it will now throw.

  See https://github.com/brianloveswords/node-jwa/releases/tag/v2.0.0
  for more details
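
As an added illustration (not part of the node-jws release notes or code), this pre-upgrade check applies the two rules from the v4.0.1/v3.2.3 and v4.0.0 notes to a call site's options: HMAC algorithms need a non-empty secret, and `alg` must match the registered name case-sensitively. The names `auditJwsCall`, `secretSize` and `REGISTERED_ALGS`, the sample call sites, and the treatment of missing values, empty strings and zero-length buffers as "empty" are assumptions of this example.

```javascript
// Added example, not node-jws code. All names and samples are hypothetical.

// JWS "alg" values with the exact casing registered with IANA.
const REGISTERED_ALGS = ['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512',
  'PS256', 'PS384', 'PS512', 'ES256', 'ES384', 'ES512', 'none'];

// Size of a candidate secret: string, Buffer/TypedArray, or a KeyObject-like
// value exposing symmetricKeySize. Unknown shapes count as empty (assumption).
function secretSize(value) {
  if (typeof value === 'string') return value.length;
  if (value && typeof value.symmetricKeySize === 'number') return value.symmetricKeySize;
  if (value && typeof value.length === 'number') return value.length;
  return 0;
}

// Returns a list of problems for one call site; an empty list means it passes.
function auditJwsCall(alg, opts) {
  const problems = [];
  if (!REGISTERED_ALGS.includes(alg)) {
    const match = REGISTERED_ALGS.find(
      (name) => name.toLowerCase() === String(alg).toLowerCase());
    problems.push(match
      ? `alg "${alg}" must be spelled "${match}"`
      : `alg "${alg}" is not a registered name`);
  }
  // HMAC family: checked case-insensitively so a misspelled alg is still audited.
  if (/^hs(256|384|512)$/i.test(String(alg))) {
    const supplied = [opts.secret, opts.privateKey, opts.key]
      .filter((v) => v !== undefined && v !== null);
    if (supplied.length === 0 || supplied.some((v) => secretSize(v) === 0)) {
      problems.push('HMAC algorithm without a non-empty secret');
    }
  }
  return problems;
}

// Constructed call sites for illustration.
const samples = [
  { name: 'good', alg: 'HS256', opts: { secret: 'k'.repeat(32) } },
  { name: 'unset-env', alg: 'HS256', opts: { secret: '' } },
  { name: 'empty-buffer', alg: 'HS512', opts: { key: Buffer.alloc(0) } },
  { name: 'lowercase', alg: 'es256', opts: { privateKey: 'PEM placeholder' } },
];
for (const s of samples) {
  console.log(s.name, JSON.stringify(auditJwsCall(s.alg, s.opts)));
}
```

A typical source of the empty-secret case is a secret read from an unset environment variable with a `|| ''` fallback, which is why the audit flags empty strings as well as missing values.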

v3.2.2

16 Mar 15:27
v3.2.2
7d4a071

* jwa explicitly bumped to ^1.4.1
  * KeyObject support
  * PS* interoperability fixes

v3.2.1

16 Mar 15:27
v3.2.1
37e67a8

* Updated jws.ALGORITHMS with PS* algs

v3.2.0

25 Jan 21:12
v3.2.0
5cdc5ce

* [MINOR] Support for PS256, PS384, PS512 through jwa update. Thanks @csprl!
* README updates. Thanks @Calinou!

v3.1.5: inline base64url

14 May 14:49
v3.1.5
0735396

* The base64url package has issues with TypeScript and also
  has an open vulnerability reported on HackerOne (not
  affected).

  Most replacement packages are only compatible with Node 4+,
  so an implementation is inlined in order to release with a
  patch version.

* Update README (Thanks @MMDF!)