@hot-updater/js 0.33.0 → 0.33.1

package/dist/index.mjs

@@ -22,7 +22,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 	enumerable: true
 }) : target, mod));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/internal/constants.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/internal/constants.js
 var require_constants = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SEMVER_SPEC_VERSION = "2.0.0";
 	const MAX_LENGTH = 256;
@@ -47,12 +47,12 @@ var require_constants = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	};
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/internal/debug.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/internal/debug.js
 var require_debug = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {};
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/internal/re.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/internal/re.js
 var require_re = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const { MAX_SAFE_COMPONENT_LENGTH, MAX_SAFE_BUILD_LENGTH, MAX_LENGTH } = require_constants();
 	const debug = require_debug();
@@ -131,7 +131,7 @@ var require_re = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	createToken("GTE0PRE", "^\\s*>=\\s*0\\.0\\.0-0\\s*$");
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/internal/parse-options.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/internal/parse-options.js
 var require_parse_options = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const looseOption = Object.freeze({ loose: true });
 	const emptyOpts = Object.freeze({});
@@ -143,10 +143,11 @@ var require_parse_options = /* @__PURE__ */ __commonJSMin(((exports, module) =>
 	module.exports = parseOptions;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/internal/identifiers.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/internal/identifiers.js
 var require_identifiers = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const numeric = /^[0-9]+$/;
 	const compareIdentifiers = (a, b) => {
+		if (typeof a === "number" && typeof b === "number") return a === b ? 0 : a < b ? -1 : 1;
 		const anum = numeric.test(a);
 		const bnum = numeric.test(b);
 		if (anum && bnum) {
@@ -162,13 +163,19 @@ var require_identifiers = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	};
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/classes/semver.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/classes/semver.js
 var require_semver$1 = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const debug = require_debug();
 	const { MAX_LENGTH, MAX_SAFE_INTEGER } = require_constants();
 	const { safeRe: re, t } = require_re();
 	const parseOptions = require_parse_options();
 	const { compareIdentifiers } = require_identifiers();
+	const isPrereleaseIdentifier = (prerelease, identifier) => {
+		const identifiers = identifier.split(".");
+		if (identifiers.length > prerelease.length) return false;
+		for (let i = 0; i < identifiers.length; i++) if (compareIdentifiers(prerelease[i], identifiers[i]) !== 0) return false;
+		return true;
+	};
 	module.exports = class SemVer {
 		constructor(version, options) {
 			options = parseOptions(options);
@@ -219,7 +226,13 @@ var require_semver$1 = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 		}
 		compareMain(other) {
 			if (!(other instanceof SemVer)) other = new SemVer(other, this.options);
-			return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch);
+			if (this.major < other.major) return -1;
+			if (this.major > other.major) return 1;
+			if (this.minor < other.minor) return -1;
+			if (this.minor > other.minor) return 1;
+			if (this.patch < other.patch) return -1;
+			if (this.patch > other.patch) return 1;
+			return 0;
 		}
 		comparePre(other) {
 			if (!(other instanceof SemVer)) other = new SemVer(other, this.options);
@@ -319,8 +332,9 @@ var require_semver$1 = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 					if (identifier) {
 						let prerelease = [identifier, base];
 						if (identifierBase === false) prerelease = [identifier];
-						if (compareIdentifiers(this.prerelease[0], identifier) === 0) {
-							if (isNaN(this.prerelease[1])) this.prerelease = prerelease;
+						if (isPrereleaseIdentifier(this.prerelease, identifier)) {
+							const prereleaseBase = this.prerelease[identifier.split(".").length];
+							if (isNaN(prereleaseBase)) this.prerelease = prerelease;
 						} else this.prerelease = prerelease;
 					}
 					break;
@@ -334,7 +348,7 @@ var require_semver$1 = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	};
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/parse.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/parse.js
 var require_parse = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const parse = (version, options, throwErrors = false) => {
@@ -349,7 +363,7 @@ var require_parse = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = parse;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/valid.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/valid.js
 var require_valid$1 = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const parse = require_parse();
 	const valid = (version, options) => {
@@ -359,7 +373,7 @@ var require_valid$1 = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = valid;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/clean.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/clean.js
 var require_clean = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const parse = require_parse();
 	const clean = (version, options) => {
@@ -369,7 +383,7 @@ var require_clean = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = clean;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/inc.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/inc.js
 var require_inc = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const inc = (version, release, options, identifier, identifierBase) => {
@@ -387,7 +401,7 @@ var require_inc = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = inc;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/diff.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/diff.js
 var require_diff = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const parse = require_parse();
 	const diff = (version1, version2) => {
@@ -415,28 +429,28 @@ var require_diff = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = diff;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/major.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/major.js
 var require_major = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const major = (a, loose) => new SemVer(a, loose).major;
 	module.exports = major;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/minor.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/minor.js
 var require_minor = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const minor = (a, loose) => new SemVer(a, loose).minor;
 	module.exports = minor;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/patch.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/patch.js
 var require_patch = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const patch = (a, loose) => new SemVer(a, loose).patch;
 	module.exports = patch;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/prerelease.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/prerelease.js
 var require_prerelease = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const parse = require_parse();
 	const prerelease = (version, options) => {
@@ -446,28 +460,28 @@ var require_prerelease = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = prerelease;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/compare.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/compare.js
 var require_compare = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose));
 	module.exports = compare;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/rcompare.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/rcompare.js
 var require_rcompare = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compare = require_compare();
 	const rcompare = (a, b, loose) => compare(b, a, loose);
 	module.exports = rcompare;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/compare-loose.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/compare-loose.js
 var require_compare_loose = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compare = require_compare();
 	const compareLoose = (a, b) => compare(a, b, true);
 	module.exports = compareLoose;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/compare-build.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/compare-build.js
 var require_compare_build = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const compareBuild = (a, b, loose) => {
@@ -478,63 +492,63 @@ var require_compare_build = /* @__PURE__ */ __commonJSMin(((exports, module) =>
 	module.exports = compareBuild;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/sort.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/sort.js
 var require_sort = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compareBuild = require_compare_build();
 	const sort = (list, loose) => list.sort((a, b) => compareBuild(a, b, loose));
 	module.exports = sort;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/rsort.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/rsort.js
 var require_rsort = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compareBuild = require_compare_build();
 	const rsort = (list, loose) => list.sort((a, b) => compareBuild(b, a, loose));
 	module.exports = rsort;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/gt.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/gt.js
 var require_gt = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compare = require_compare();
 	const gt = (a, b, loose) => compare(a, b, loose) > 0;
 	module.exports = gt;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/lt.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/lt.js
 var require_lt = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compare = require_compare();
 	const lt = (a, b, loose) => compare(a, b, loose) < 0;
 	module.exports = lt;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/eq.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/eq.js
 var require_eq = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compare = require_compare();
 	const eq = (a, b, loose) => compare(a, b, loose) === 0;
 	module.exports = eq;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/neq.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/neq.js
 var require_neq = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compare = require_compare();
 	const neq = (a, b, loose) => compare(a, b, loose) !== 0;
 	module.exports = neq;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/gte.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/gte.js
 var require_gte = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compare = require_compare();
 	const gte = (a, b, loose) => compare(a, b, loose) >= 0;
 	module.exports = gte;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/lte.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/lte.js
 var require_lte = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const compare = require_compare();
 	const lte = (a, b, loose) => compare(a, b, loose) <= 0;
 	module.exports = lte;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/cmp.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/cmp.js
 var require_cmp = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const eq = require_eq();
 	const neq = require_neq();
@@ -566,7 +580,7 @@ var require_cmp = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = cmp;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/coerce.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/coerce.js
 var require_coerce = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const parse = require_parse();
@@ -594,7 +608,40 @@ var require_coerce = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = coerce;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/internal/lrucache.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/truncate.js
+var require_truncate = /* @__PURE__ */ __commonJSMin(((exports, module) => {
+	const parse = require_parse();
+	const constants = require_constants();
+	const SemVer = require_semver$1();
+	const truncate = (version, truncation, options) => {
+		if (!constants.RELEASE_TYPES.includes(truncation)) return null;
+		const clonedVersion = cloneInputVersion(version, options);
+		return clonedVersion && doTruncation(clonedVersion, truncation);
+	};
+	const cloneInputVersion = (version, options) => {
+		return parse(version instanceof SemVer ? version.version : version, options);
+	};
+	const doTruncation = (version, truncation) => {
+		if (isPrerelease(truncation)) return version.version;
+		version.prerelease = [];
+		switch (truncation) {
+			case "major":
+				version.minor = 0;
+				version.patch = 0;
+				break;
+			case "minor":
+				version.patch = 0;
+				break;
+		}
+		return version.format();
+	};
+	const isPrerelease = (type) => {
+		return type.startsWith("pre");
+	};
+	module.exports = truncate;
+}));
+//#endregion
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/internal/lrucache.js
 var require_lrucache = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	var LRUCache = class {
 		constructor() {
@@ -627,7 +674,7 @@ var require_lrucache = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = LRUCache;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/classes/range.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/classes/range.js
 var require_range = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SPACE_CHARACTERS = /\s+/g;
 	module.exports = class Range {
@@ -681,6 +728,7 @@ var require_range = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 			return this.range;
 		}
 		parseRange(range) {
+			range = range.replace(BUILDSTRIPRE, "");
 			const memoKey = ((this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE)) + ":" + range;
 			const cached = cache.get(memoKey);
 			if (cached) return cached;
@@ -739,8 +787,9 @@ var require_range = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const Comparator = require_comparator();
 	const debug = require_debug();
 	const SemVer = require_semver$1();
-	const { safeRe: re, t, comparatorTrimReplace, tildeTrimReplace, caretTrimReplace } = require_re();
+	const { safeRe: re, src, t, comparatorTrimReplace, tildeTrimReplace, caretTrimReplace } = require_re();
 	const { FLAG_INCLUDE_PRERELEASE, FLAG_LOOSE } = require_constants();
+	const BUILDSTRIPRE = new RegExp(src[t.BUILD], "g");
 	const isNullSet = (c) => c.value === "<0.0.0-0";
 	const isAny = (c) => c.value === "";
 	const isSatisfiable = (comparators, options) => {
@@ -756,6 +805,7 @@ var require_range = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 		return result;
 	};
 	const parseComparator = (comp, options) => {
+		comp = comp.replace(re[t.BUILD], "");
 		debug("comp", comp, options);
 		comp = replaceCarets(comp, options);
 		debug("caret", comp);
@@ -768,6 +818,7 @@ var require_range = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 		return comp;
 	};
 	const isX = (id) => !id || id.toLowerCase() === "x" || id === "*";
+	const invalidXRangeOrder = (M, m, p) => isX(M) && !isX(m) || isX(m) && p && !isX(p);
 	const replaceTildes = (comp, options) => {
 		return comp.trim().split(/\s+/).map((c) => replaceTilde(c, options)).join(" ");
 	};
@@ -808,8 +859,8 @@ var require_range = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 				else ret = `>=${M}.${m}.${p}-${pr} <${+M + 1}.0.0-0`;
 			} else {
 				debug("no pr");
-				if (M === "0") if (m === "0") ret = `>=${M}.${m}.${p}${z} <${M}.${m}.${+p + 1}-0`;
-				else ret = `>=${M}.${m}.${p}${z} <${M}.${+m + 1}.0-0`;
+				if (M === "0") if (m === "0") ret = `>=${M}.${m}.${p} <${M}.${m}.${+p + 1}-0`;
+				else ret = `>=${M}.${m}.${p} <${M}.${+m + 1}.0-0`;
 				else ret = `>=${M}.${m}.${p} <${+M + 1}.0.0-0`;
 			}
 			debug("caret return", ret);
@@ -825,6 +876,7 @@ var require_range = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 		const r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE];
 		return comp.replace(r, (ret, gtlt, M, m, p, pr) => {
 			debug("xRange", comp, ret, gtlt, M, m, p, pr);
+			if (invalidXRangeOrder(M, m, p)) return comp;
 			const xM = isX(M);
 			const xm = xM || isX(m);
 			const xp = xm || isX(p);
@@ -898,7 +950,7 @@ var require_range = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	};
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/classes/comparator.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/classes/comparator.js
 var require_comparator = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const ANY = Symbol("SemVer ANY");
 	module.exports = class Comparator {
@@ -968,7 +1020,7 @@ var require_comparator = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const Range = require_range();
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/satisfies.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/functions/satisfies.js
 var require_satisfies = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const Range = require_range();
 	const satisfies = (version, range, options) => {
@@ -982,14 +1034,14 @@ var require_satisfies = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = satisfies;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/to-comparators.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/to-comparators.js
 var require_to_comparators = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const Range = require_range();
 	const toComparators = (range, options) => new Range(range, options).set.map((comp) => comp.map((c) => c.value).join(" ").trim().split(" "));
 	module.exports = toComparators;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/max-satisfying.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/max-satisfying.js
 var require_max_satisfying = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const Range = require_range();
@@ -1015,7 +1067,7 @@ var require_max_satisfying = /* @__PURE__ */ __commonJSMin(((exports, module) =>
 	module.exports = maxSatisfying;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/min-satisfying.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/min-satisfying.js
 var require_min_satisfying = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const Range = require_range();
@@ -1041,7 +1093,7 @@ var require_min_satisfying = /* @__PURE__ */ __commonJSMin(((exports, module) =>
 	module.exports = minSatisfying;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/min-version.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/min-version.js
 var require_min_version = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const Range = require_range();
@@ -1080,7 +1132,7 @@ var require_min_version = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = minVersion;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/valid.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/valid.js
 var require_valid = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const Range = require_range();
 	const validRange = (range, options) => {
@@ -1093,7 +1145,7 @@ var require_valid = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = validRange;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/outside.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/outside.js
 var require_outside = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const SemVer = require_semver$1();
 	const Comparator = require_comparator();
@@ -1146,21 +1198,21 @@ var require_outside = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = outside;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/gtr.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/gtr.js
 var require_gtr = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const outside = require_outside();
 	const gtr = (version, range, options) => outside(version, range, ">", options);
 	module.exports = gtr;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/ltr.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/ltr.js
 var require_ltr = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const outside = require_outside();
 	const ltr = (version, range, options) => outside(version, range, "<", options);
 	module.exports = ltr;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/intersects.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/intersects.js
 var require_intersects = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const Range = require_range();
 	const intersects = (r1, r2, options) => {
@@ -1171,7 +1223,7 @@ var require_intersects = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports = intersects;
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/simplify.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/simplify.js
 var require_simplify = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const satisfies = require_satisfies();
 	const compare = require_compare();
@@ -1201,7 +1253,7 @@ var require_simplify = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	};
 }));
 //#endregion
-//#region ../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/ranges/subset.js
+//#region ../../node_modules/.pnpm/semver@7.8.4/node_modules/semver/ranges/subset.js
 var require_subset = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const Range = require_range();
 	const Comparator = require_comparator();
@@ -1265,7 +1317,7 @@ var require_subset = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 				if (c.operator === ">" || c.operator === ">=") {
 					higher = higherGT(gt, c, options);
 					if (higher === c && higher !== gt) return false;
-				} else if (gt.operator === ">=" && !satisfies(gt.semver, String(c), options)) return false;
+				} else if (gt.operator === ">=" && !c.test(gt.semver)) return false;
 			}
 			if (lt) {
 				if (needDomLTPre) {
@@ -1274,7 +1326,7 @@ var require_subset = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 				if (c.operator === "<" || c.operator === "<=") {
 					lower = lowerLT(lt, c, options);
 					if (lower === c && lower !== lt) return false;
-				} else if (lt.operator === "<=" && !satisfies(lt.semver, String(c), options)) return false;
+				} else if (lt.operator === "<=" && !c.test(lt.semver)) return false;
 			}
 			if (!c.operator && (lt || gt) && gtltComp !== 0) return false;
 		}
@@ -1326,6 +1378,7 @@ var import_semver = /* @__PURE__ */ __toESM((/* @__PURE__ */ __commonJSMin(((exp
 		lte: require_lte(),
 		cmp: require_cmp(),
 		coerce: require_coerce(),
+		truncate: require_truncate(),
 		Comparator: require_comparator(),
 		Range: require_range(),
 		satisfies: require_satisfies(),
@@ -1464,7 +1517,7 @@ const fingerprintStrategy = async (bundles, { channel = "production", minBundleI
 	return INIT_BUNDLE_ROLLBACK_UPDATE_INFO;
 };
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/buffer_utils.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/buffer_utils.js
 const encoder = new TextEncoder();
 const decoder = new TextDecoder();
 function concat(...buffers) {
@@ -1477,8 +1530,17 @@ function concat(...buffers) {
 	}
 	return buf;
 }
+function encode$1(string) {
+	const bytes = new Uint8Array(string.length);
+	for (let i = 0; i < string.length; i++) {
+		const code = string.charCodeAt(i);
+		if (code > 127) throw new TypeError("non-ASCII string encountered in encode()");
+		bytes[i] = code;
+	}
+	return bytes;
+}
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/base64.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/base64.js
 function encodeBase64(input) {
 	if (Uint8Array.prototype.toBase64) return input.toBase64();
 	const CHUNK_SIZE = 32768;
@@ -1494,12 +1556,12 @@ function decodeBase64(encoded) {
 	return bytes;
 }
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/util/base64url.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/util/base64url.js
 function decode(input) {
 	if (Uint8Array.fromBase64) return Uint8Array.fromBase64(typeof input === "string" ? input : decoder.decode(input), { alphabet: "base64url" });
 	let encoded = input;
 	if (encoded instanceof Uint8Array) encoded = decoder.decode(encoded);
-	encoded = encoded.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+	encoded = encoded.replace(/-/g, "+").replace(/_/g, "/");
 	try {
 		return decodeBase64(encoded);
 	} catch {
@@ -1516,7 +1578,87 @@ function encode(input) {
 	return encodeBase64(unencoded).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
 }
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/util/errors.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/crypto_key.js
+const unusable = (name, prop = "algorithm.name") => /* @__PURE__ */ new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);
+const isAlgorithm = (algorithm, name) => algorithm.name === name;
+function getHashLength(hash) {
+	return parseInt(hash.name.slice(4), 10);
+}
+function checkHashLength(algorithm, expected) {
+	if (getHashLength(algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+}
+function getNamedCurve(alg) {
+	switch (alg) {
+		case "ES256": return "P-256";
+		case "ES384": return "P-384";
+		case "ES512": return "P-521";
+		default: throw new Error("unreachable");
+	}
+}
+function checkUsage(key, usage) {
+	if (usage && !key.usages.includes(usage)) throw new TypeError(`CryptoKey does not support this operation, its usages must include ${usage}.`);
+}
+function checkSigCryptoKey(key, alg, usage) {
+	switch (alg) {
+		case "HS256":
+		case "HS384":
+		case "HS512":
+			if (!isAlgorithm(key.algorithm, "HMAC")) throw unusable("HMAC");
+			checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
+			break;
+		case "RS256":
+		case "RS384":
+		case "RS512":
+			if (!isAlgorithm(key.algorithm, "RSASSA-PKCS1-v1_5")) throw unusable("RSASSA-PKCS1-v1_5");
+			checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
+			break;
+		case "PS256":
+		case "PS384":
+		case "PS512":
+			if (!isAlgorithm(key.algorithm, "RSA-PSS")) throw unusable("RSA-PSS");
+			checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
+			break;
+		case "Ed25519":
+		case "EdDSA":
+			if (!isAlgorithm(key.algorithm, "Ed25519")) throw unusable("Ed25519");
+			break;
+		case "ML-DSA-44":
+		case "ML-DSA-65":
+		case "ML-DSA-87":
+			if (!isAlgorithm(key.algorithm, alg)) throw unusable(alg);
+			break;
+		case "ES256":
+		case "ES384":
+		case "ES512": {
+			if (!isAlgorithm(key.algorithm, "ECDSA")) throw unusable("ECDSA");
+			const expected = getNamedCurve(alg);
+			if (key.algorithm.namedCurve !== expected) throw unusable(expected, "algorithm.namedCurve");
+			break;
+		}
+		default: throw new TypeError("CryptoKey does not support this operation");
+	}
+	checkUsage(key, usage);
+}
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/invalid_key_input.js
+function message(msg, actual, ...types) {
+	types = types.filter(Boolean);
+	if (types.length > 2) {
+		const last = types.pop();
+		msg += `one of type ${types.join(", ")}, or ${last}.`;
+	} else if (types.length === 2) msg += `one of type ${types[0]} or ${types[1]}.`;
+	else msg += `of type ${types[0]}.`;
+	if (actual == null) msg += ` Received ${actual}`;
+	else if (typeof actual === "function" && actual.name) msg += ` Received function ${actual.name}`;
+	else if (typeof actual === "object" && actual != null) {
+		if (actual.constructor?.name) msg += ` Received an instance of ${actual.constructor.name}`;
+	}
+	return msg;
+}
+const invalidKeyInput = (actual, ...types) => message("Key must be ", actual, ...types);
+const withAlg = (alg, actual, ...types) => message(`Key for the ${alg} algorithm must be `, actual, ...types);
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/util/errors.js
 var JOSEError = class extends Error {
 	static code = "ERR_JOSE_GENERIC";
 	code = "ERR_JOSE_GENERIC";
@@ -1584,105 +1726,40 @@ var JWSSignatureVerificationFailed = class extends JOSEError {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/crypto_key.js
-function unusable(name, prop = "algorithm.name") {
-	return /* @__PURE__ */ new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);
-}
-function isAlgorithm(algorithm, name) {
-	return algorithm.name === name;
-}
-function getHashLength(hash) {
-	return parseInt(hash.name.slice(4), 10);
-}
-function getNamedCurve(alg) {
-	switch (alg) {
-		case "ES256": return "P-256";
-		case "ES384": return "P-384";
-		case "ES512": return "P-521";
-		default: throw new Error("unreachable");
-	}
-}
-function checkUsage(key, usage) {
-	if (usage && !key.usages.includes(usage)) throw new TypeError(`CryptoKey does not support this operation, its usages must include ${usage}.`);
-}
-function checkSigCryptoKey(key, alg, usage) {
-	switch (alg) {
-		case "HS256":
-		case "HS384":
-		case "HS512": {
-			if (!isAlgorithm(key.algorithm, "HMAC")) throw unusable("HMAC");
-			const expected = parseInt(alg.slice(2), 10);
-			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
-			break;
-		}
-		case "RS256":
-		case "RS384":
-		case "RS512": {
-			if (!isAlgorithm(key.algorithm, "RSASSA-PKCS1-v1_5")) throw unusable("RSASSA-PKCS1-v1_5");
-			const expected = parseInt(alg.slice(2), 10);
-			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
-			break;
-		}
-		case "PS256":
-		case "PS384":
-		case "PS512": {
-			if (!isAlgorithm(key.algorithm, "RSA-PSS")) throw unusable("RSA-PSS");
-			const expected = parseInt(alg.slice(2), 10);
-			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
-			break;
-		}
-		case "Ed25519":
-		case "EdDSA":
-			if (!isAlgorithm(key.algorithm, "Ed25519")) throw unusable("Ed25519");
-			break;
-		case "ES256":
-		case "ES384":
-		case "ES512": {
-			if (!isAlgorithm(key.algorithm, "ECDSA")) throw unusable("ECDSA");
-			const expected = getNamedCurve(alg);
-			if (key.algorithm.namedCurve !== expected) throw unusable(expected, "algorithm.namedCurve");
-			break;
-		}
-		default: throw new TypeError("CryptoKey does not support this operation");
-	}
-	checkUsage(key, usage);
-}
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/invalid_key_input.js
-function message(msg, actual, ...types) {
-	types = types.filter(Boolean);
-	if (types.length > 2) {
-		const last = types.pop();
-		msg += `one of type ${types.join(", ")}, or ${last}.`;
-	} else if (types.length === 2) msg += `one of type ${types[0]} or ${types[1]}.`;
-	else msg += `of type ${types[0]}.`;
-	if (actual == null) msg += ` Received ${actual}`;
-	else if (typeof actual === "function" && actual.name) msg += ` Received function ${actual.name}`;
-	else if (typeof actual === "object" && actual != null) {
-		if (actual.constructor?.name) msg += ` Received an instance of ${actual.constructor.name}`;
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/is_key_like.js
+const isCryptoKey = (key) => {
+	if (key?.[Symbol.toStringTag] === "CryptoKey") return true;
+	try {
+		return key instanceof CryptoKey;
+	} catch {
+		return false;
 	}
-	return msg;
-}
-var invalid_key_input_default = (actual, ...types) => {
-	return message("Key must be ", actual, ...types);
 };
-function withAlg(alg, actual, ...types) {
-	return message(`Key for the ${alg} algorithm must be `, actual, ...types);
-}
+const isKeyObject = (key) => key?.[Symbol.toStringTag] === "KeyObject";
+const isKeyLike = (key) => isCryptoKey(key) || isKeyObject(key);
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/is_key_like.js
-function isCryptoKey(key) {
-	return key?.[Symbol.toStringTag] === "CryptoKey";
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/helpers.js
+function assertNotSet(value, name) {
+	if (value) throw new TypeError(`${name} can only be called once`);
 }
-function isKeyObject(key) {
-	return key?.[Symbol.toStringTag] === "KeyObject";
+function decodeBase64url(value, label, ErrorClass) {
+	try {
+		return decode(value);
+	} catch {
+		throw new ErrorClass(`Failed to base64url decode the ${label}`);
+	}
 }
-var is_key_like_default = (key) => {
-	return isCryptoKey(key) || isKeyObject(key);
-};
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/is_disjoint.js
-var is_disjoint_default = (...headers) => {
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/type_checks.js
+const isObjectLike = (value) => typeof value === "object" && value !== null;
+function isObject(input) {
+	if (!isObjectLike(input) || Object.prototype.toString.call(input) !== "[object Object]") return false;
+	if (Object.getPrototypeOf(input) === null) return true;
+	let proto = input;
+	while (Object.getPrototypeOf(proto) !== null) proto = Object.getPrototypeOf(proto);
+	return Object.getPrototypeOf(input) === proto;
+}
+function isDisjoint(...headers) {
 	const sources = headers.filter(Boolean);
 	if (sources.length === 0 || sources.length === 1) return true;
 	let acc;
@@ -1698,33 +1775,101 @@ var is_disjoint_default = (...headers) => {
 		}
 	}
 	return true;
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/is_object.js
-function isObjectLike(value) {
-	return typeof value === "object" && value !== null;
 }
-var is_object_default = (input) => {
-	if (!isObjectLike(input) || Object.prototype.toString.call(input) !== "[object Object]") return false;
-	if (Object.getPrototypeOf(input) === null) return true;
-	let proto = input;
-	while (Object.getPrototypeOf(proto) !== null) proto = Object.getPrototypeOf(proto);
-	return Object.getPrototypeOf(input) === proto;
-};
+const isJWK = (key) => isObject(key) && typeof key.kty === "string";
+const isPrivateJWK = (key) => key.kty !== "oct" && (key.kty === "AKP" && typeof key.priv === "string" || typeof key.d === "string");
+const isPublicJWK = (key) => key.kty !== "oct" && key.d === void 0 && key.priv === void 0;
+const isSecretJWK = (key) => key.kty === "oct" && typeof key.k === "string";
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/check_key_length.js
-var check_key_length_default = (alg, key) => {
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/signing.js
+function checkKeyLength(alg, key) {
 	if (alg.startsWith("RS") || alg.startsWith("PS")) {
 		const { modulusLength } = key.algorithm;
 		if (typeof modulusLength !== "number" || modulusLength < 2048) throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);
 	}
-};
+}
+function subtleAlgorithm(alg, algorithm) {
+	const hash = `SHA-${alg.slice(-3)}`;
+	switch (alg) {
+		case "HS256":
+		case "HS384":
+		case "HS512": return {
+			hash,
+			name: "HMAC"
+		};
+		case "PS256":
+		case "PS384":
+		case "PS512": return {
+			hash,
+			name: "RSA-PSS",
+			saltLength: parseInt(alg.slice(-3), 10) >> 3
+		};
+		case "RS256":
+		case "RS384":
+		case "RS512": return {
+			hash,
+			name: "RSASSA-PKCS1-v1_5"
+		};
+		case "ES256":
+		case "ES384":
+		case "ES512": return {
+			hash,
+			name: "ECDSA",
+			namedCurve: algorithm.namedCurve
+		};
+		case "Ed25519":
+		case "EdDSA": return { name: "Ed25519" };
+		case "ML-DSA-44":
+		case "ML-DSA-65":
+		case "ML-DSA-87": return { name: alg };
+		default: throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
+	}
+}
+async function getSigKey(alg, key, usage) {
+	if (key instanceof Uint8Array) {
+		if (!alg.startsWith("HS")) throw new TypeError(invalidKeyInput(key, "CryptoKey", "KeyObject", "JSON Web Key"));
+		return crypto.subtle.importKey("raw", key, {
+			hash: `SHA-${alg.slice(-3)}`,
+			name: "HMAC"
+		}, false, [usage]);
+	}
+	checkSigCryptoKey(key, alg, usage);
+	return key;
+}
+async function sign(alg, key, data) {
+	const cryptoKey = await getSigKey(alg, key, "sign");
+	checkKeyLength(alg, cryptoKey);
+	const signature = await crypto.subtle.sign(subtleAlgorithm(alg, cryptoKey.algorithm), cryptoKey, data);
+	return new Uint8Array(signature);
+}
+async function verify(alg, key, signature, data) {
+	const cryptoKey = await getSigKey(alg, key, "verify");
+	checkKeyLength(alg, cryptoKey);
+	const algorithm = subtleAlgorithm(alg, cryptoKey.algorithm);
+	try {
+		return await crypto.subtle.verify(algorithm, cryptoKey, signature, data);
+	} catch {
+		return false;
+	}
+}
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/jwk_to_key.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/jwk_to_key.js
+const unsupportedAlg = "Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value";
 function subtleMapping(jwk) {
 	let algorithm;
 	let keyUsages;
 	switch (jwk.kty) {
+		case "AKP":
+			switch (jwk.alg) {
+				case "ML-DSA-44":
+				case "ML-DSA-65":
+				case "ML-DSA-87":
+					algorithm = { name: jwk.alg };
+					keyUsages = jwk.priv ? ["sign"] : ["verify"];
+					break;
+				default: throw new JOSENotSupported(unsupportedAlg);
+			}
+			break;
 		case "RSA":
 			switch (jwk.alg) {
 				case "PS256":
@@ -1755,29 +1900,21 @@ function subtleMapping(jwk) {
 					};
 					keyUsages = jwk.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
 					break;
-				default: throw new JOSENotSupported("Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value");
+				default: throw new JOSENotSupported(unsupportedAlg);
 			}
 			break;
 		case "EC":
 			switch (jwk.alg) {
 				case "ES256":
-					algorithm = {
-						name: "ECDSA",
-						namedCurve: "P-256"
-					};
-					keyUsages = jwk.d ? ["sign"] : ["verify"];
-					break;
 				case "ES384":
-					algorithm = {
-						name: "ECDSA",
-						namedCurve: "P-384"
-					};
-					keyUsages = jwk.d ? ["sign"] : ["verify"];
-					break;
 				case "ES512":
 					algorithm = {
 						name: "ECDSA",
-						namedCurve: "P-521"
+						namedCurve: {
+							ES256: "P-256",
+							ES384: "P-384",
+							ES512: "P-521"
+						}[jwk.alg]
 					};
 					keyUsages = jwk.d ? ["sign"] : ["verify"];
 					break;
@@ -1791,7 +1928,7 @@ function subtleMapping(jwk) {
 					};
 					keyUsages = jwk.d ? ["deriveBits"] : [];
 					break;
-				default: throw new JOSENotSupported("Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value");
+				default: throw new JOSENotSupported(unsupportedAlg);
 			}
 			break;
 		case "OKP":
@@ -1808,7 +1945,7 @@ function subtleMapping(jwk) {
 					algorithm = { name: jwk.crv };
 					keyUsages = jwk.d ? ["deriveBits"] : [];
 					break;
-				default: throw new JOSENotSupported("Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value");
+				default: throw new JOSENotSupported(unsupportedAlg);
 			}
 			break;
 		default: throw new JOSENotSupported("Invalid or unsupported JWK \"kty\" (Key Type) Parameter value");
@@ -1818,59 +1955,23 @@ function subtleMapping(jwk) {
 		keyUsages
 	};
 }
-var jwk_to_key_default = async (jwk) => {
+async function jwkToKey(jwk) {
 	if (!jwk.alg) throw new TypeError("\"alg\" argument is required when \"jwk.alg\" is not present");
 	const { algorithm, keyUsages } = subtleMapping(jwk);
 	const keyData = { ...jwk };
-	delete keyData.alg;
+	if (keyData.kty !== "AKP") delete keyData.alg;
 	delete keyData.use;
-	return crypto.subtle.importKey("jwk", keyData, algorithm, jwk.ext ?? (jwk.d ? false : true), jwk.key_ops ?? keyUsages);
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/validate_crit.js
-var validate_crit_default = (Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) => {
-	if (joseHeader.crit !== void 0 && protectedHeader?.crit === void 0) throw new Err("\"crit\" (Critical) Header Parameter MUST be integrity protected");
-	if (!protectedHeader || protectedHeader.crit === void 0) return /* @__PURE__ */ new Set();
-	if (!Array.isArray(protectedHeader.crit) || protectedHeader.crit.length === 0 || protectedHeader.crit.some((input) => typeof input !== "string" || input.length === 0)) throw new Err("\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present");
-	let recognized;
-	if (recognizedOption !== void 0) recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);
-	else recognized = recognizedDefault;
-	for (const parameter of protectedHeader.crit) {
-		if (!recognized.has(parameter)) throw new JOSENotSupported(`Extension Header Parameter "${parameter}" is not recognized`);
-		if (joseHeader[parameter] === void 0) throw new Err(`Extension Header Parameter "${parameter}" is missing`);
-		if (recognized.get(parameter) && protectedHeader[parameter] === void 0) throw new Err(`Extension Header Parameter "${parameter}" MUST be integrity protected`);
-	}
-	return new Set(protectedHeader.crit);
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/validate_algorithms.js
-var validate_algorithms_default = (option, algorithms) => {
-	if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) throw new TypeError(`"${option}" option must be an array of strings`);
-	if (!algorithms) return;
-	return new Set(algorithms);
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/is_jwk.js
-function isJWK(key) {
-	return is_object_default(key) && typeof key.kty === "string";
-}
-function isPrivateJWK(key) {
-	return key.kty !== "oct" && typeof key.d === "string";
-}
-function isPublicJWK(key) {
-	return key.kty !== "oct" && typeof key.d === "undefined";
-}
-function isSecretJWK(key) {
-	return key.kty === "oct" && typeof key.k === "string";
+	return crypto.subtle.importKey("jwk", keyData, algorithm, jwk.ext ?? (jwk.d || jwk.priv ? false : true), jwk.key_ops ?? keyUsages);
 }
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/normalize_key.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/normalize_key.js
+const unusableForAlg = "given KeyObject instance cannot be used for this algorithm";
 let cache;
 const handleJWK = async (key, jwk, alg, freeze = false) => {
 	cache ||= /* @__PURE__ */ new WeakMap();
 	let cached = cache.get(key);
 	if (cached?.[alg]) return cached[alg];
-	const cryptoKey = await jwk_to_key_default({
+	const cryptoKey = await jwkToKey({
 		...jwk,
 		alg
 	});
@@ -1892,14 +1993,21 @@ const handleKeyObject = (keyObject, alg) => {
 			case "ECDH-ES+A128KW":
 			case "ECDH-ES+A192KW":
 			case "ECDH-ES+A256KW": break;
-			default: throw new TypeError("given KeyObject instance cannot be used for this algorithm");
+			default: throw new TypeError(unusableForAlg);
 		}
 		cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, isPublic ? [] : ["deriveBits"]);
 	}
 	if (keyObject.asymmetricKeyType === "ed25519") {
-		if (alg !== "EdDSA" && alg !== "Ed25519") throw new TypeError("given KeyObject instance cannot be used for this algorithm");
+		if (alg !== "EdDSA" && alg !== "Ed25519") throw new TypeError(unusableForAlg);
 		cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, [isPublic ? "verify" : "sign"]);
 	}
+	switch (keyObject.asymmetricKeyType) {
+		case "ml-dsa-44":
+		case "ml-dsa-65":
+		case "ml-dsa-87":
+			if (alg !== keyObject.asymmetricKeyType.toUpperCase()) throw new TypeError(unusableForAlg);
+			cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, [isPublic ? "verify" : "sign"]);
+	}
 	if (keyObject.asymmetricKeyType === "rsa") {
 		let hash;
 		switch (alg) {
@@ -1921,7 +2029,7 @@ const handleKeyObject = (keyObject, alg) => {
 			case "RSA-OAEP-512":
 				hash = "SHA-512";
 				break;
-			default: throw new TypeError("given KeyObject instance cannot be used for this algorithm");
+			default: throw new TypeError(unusableForAlg);
 		}
 		if (alg.startsWith("RSA-OAEP")) return keyObject.toCryptoKey({
 			name: "RSA-OAEP",
@@ -1938,16 +2046,13 @@ const handleKeyObject = (keyObject, alg) => {
 			["secp384r1", "P-384"],
 			["secp521r1", "P-521"]
 		]).get(keyObject.asymmetricKeyDetails?.namedCurve);
-		if (!namedCurve) throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-		if (alg === "ES256" && namedCurve === "P-256") cryptoKey = keyObject.toCryptoKey({
-			name: "ECDSA",
-			namedCurve
-		}, extractable, [isPublic ? "verify" : "sign"]);
-		if (alg === "ES384" && namedCurve === "P-384") cryptoKey = keyObject.toCryptoKey({
-			name: "ECDSA",
-			namedCurve
-		}, extractable, [isPublic ? "verify" : "sign"]);
-		if (alg === "ES512" && namedCurve === "P-521") cryptoKey = keyObject.toCryptoKey({
+		if (!namedCurve) throw new TypeError(unusableForAlg);
+		const expectedCurve = {
+			ES256: "P-256",
+			ES384: "P-384",
+			ES512: "P-521"
+		};
+		if (expectedCurve[alg] && namedCurve === expectedCurve[alg]) cryptoKey = keyObject.toCryptoKey({
 			name: "ECDSA",
 			namedCurve
 		}, extractable, [isPublic ? "verify" : "sign"]);
@@ -1956,12 +2061,12 @@ const handleKeyObject = (keyObject, alg) => {
 			namedCurve
 		}, extractable, isPublic ? [] : ["deriveBits"]);
 	}
-	if (!cryptoKey) throw new TypeError("given KeyObject instance cannot be used for this algorithm");
+	if (!cryptoKey) throw new TypeError(unusableForAlg);
 	if (!cached) cache.set(keyObject, { [alg]: cryptoKey });
 	else cached[alg] = cryptoKey;
 	return cryptoKey;
 };
-var normalize_key_default = async (key, alg) => {
+async function normalizeKey(key, alg) {
 	if (key instanceof Uint8Array) return key;
 	if (isCryptoKey(key)) return key;
 	if (isKeyObject(key)) {
@@ -1978,9 +2083,32 @@ var normalize_key_default = async (key, alg) => {
 		return handleJWK(key, key, alg, true);
 	}
 	throw new Error("unreachable");
-};
+}
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/validate_crit.js
+function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
+	if (joseHeader.crit !== void 0 && protectedHeader?.crit === void 0) throw new Err("\"crit\" (Critical) Header Parameter MUST be integrity protected");
+	if (!protectedHeader || protectedHeader.crit === void 0) return /* @__PURE__ */ new Set();
+	if (!Array.isArray(protectedHeader.crit) || protectedHeader.crit.length === 0 || protectedHeader.crit.some((input) => typeof input !== "string" || input.length === 0)) throw new Err("\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present");
+	let recognized;
+	if (recognizedOption !== void 0) recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);
+	else recognized = recognizedDefault;
+	for (const parameter of protectedHeader.crit) {
+		if (!recognized.has(parameter)) throw new JOSENotSupported(`Extension Header Parameter "${parameter}" is not recognized`);
+		if (joseHeader[parameter] === void 0) throw new Err(`Extension Header Parameter "${parameter}" is missing`);
+		if (recognized.get(parameter) && protectedHeader[parameter] === void 0) throw new Err(`Extension Header Parameter "${parameter}" MUST be integrity protected`);
+	}
+	return new Set(protectedHeader.crit);
+}
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/check_key_type.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/validate_algorithms.js
+function validateAlgorithms(option, algorithms) {
+	if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) throw new TypeError(`"${option}" option must be an array of strings`);
+	if (!algorithms) return;
+	return new Set(algorithms);
+}
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/check_key_type.js
 const tag = (key) => key?.[Symbol.toStringTag];
 const jwkMatchesOp = (alg, key, usage) => {
 	if (key.use !== void 0) {
@@ -2030,7 +2158,7 @@ const symmetricTypeCheck = (alg, key, usage) => {
 		if (isSecretJWK(key) && jwkMatchesOp(alg, key, usage)) return;
 		throw new TypeError(`JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present`);
 	}
-	if (!is_key_like_default(key)) throw new TypeError(withAlg(alg, key, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
+	if (!isKeyLike(key)) throw new TypeError(withAlg(alg, key, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
 	if (key.type !== "secret") throw new TypeError(`${tag(key)} instances for symmetric algorithms must be of type "secret"`);
 };
 const asymmetricTypeCheck = (alg, key, usage) => {
@@ -2038,99 +2166,44 @@ const asymmetricTypeCheck = (alg, key, usage) => {
 		case "decrypt":
 		case "sign":
 			if (isPrivateJWK(key) && jwkMatchesOp(alg, key, usage)) return;
-			throw new TypeError(`JSON Web Key for this operation be a private JWK`);
+			throw new TypeError(`JSON Web Key for this operation must be a private JWK`);
 		case "encrypt":
 		case "verify":
 			if (isPublicJWK(key) && jwkMatchesOp(alg, key, usage)) return;
-			throw new TypeError(`JSON Web Key for this operation be a public JWK`);
+			throw new TypeError(`JSON Web Key for this operation must be a public JWK`);
 	}
-	if (!is_key_like_default(key)) throw new TypeError(withAlg(alg, key, "CryptoKey", "KeyObject", "JSON Web Key"));
+	if (!isKeyLike(key)) throw new TypeError(withAlg(alg, key, "CryptoKey", "KeyObject", "JSON Web Key"));
 	if (key.type === "secret") throw new TypeError(`${tag(key)} instances for asymmetric algorithms must not be of type "secret"`);
 	if (key.type === "public") switch (usage) {
 		case "sign": throw new TypeError(`${tag(key)} instances for asymmetric algorithm signing must be of type "private"`);
 		case "decrypt": throw new TypeError(`${tag(key)} instances for asymmetric algorithm decryption must be of type "private"`);
-		default: break;
 	}
 	if (key.type === "private") switch (usage) {
 		case "verify": throw new TypeError(`${tag(key)} instances for asymmetric algorithm verifying must be of type "public"`);
 		case "encrypt": throw new TypeError(`${tag(key)} instances for asymmetric algorithm encryption must be of type "public"`);
-		default: break;
-	}
-};
-var check_key_type_default = (alg, key, usage) => {
-	if (alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(alg) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(alg)) symmetricTypeCheck(alg, key, usage);
-	else asymmetricTypeCheck(alg, key, usage);
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/subtle_dsa.js
-var subtle_dsa_default = (alg, algorithm) => {
-	const hash = `SHA-${alg.slice(-3)}`;
-	switch (alg) {
-		case "HS256":
-		case "HS384":
-		case "HS512": return {
-			hash,
-			name: "HMAC"
-		};
-		case "PS256":
-		case "PS384":
-		case "PS512": return {
-			hash,
-			name: "RSA-PSS",
-			saltLength: parseInt(alg.slice(-3), 10) >> 3
-		};
-		case "RS256":
-		case "RS384":
-		case "RS512": return {
-			hash,
-			name: "RSASSA-PKCS1-v1_5"
-		};
-		case "ES256":
-		case "ES384":
-		case "ES512": return {
-			hash,
-			name: "ECDSA",
-			namedCurve: algorithm.namedCurve
-		};
-		case "Ed25519":
-		case "EdDSA": return { name: "Ed25519" };
-		default: throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
-	}
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/get_sign_verify_key.js
-var get_sign_verify_key_default = async (alg, key, usage) => {
-	if (key instanceof Uint8Array) {
-		if (!alg.startsWith("HS")) throw new TypeError(invalid_key_input_default(key, "CryptoKey", "KeyObject", "JSON Web Key"));
-		return crypto.subtle.importKey("raw", key, {
-			hash: `SHA-${alg.slice(-3)}`,
-			name: "HMAC"
-		}, false, [usage]);
 	}
-	checkSigCryptoKey(key, alg, usage);
-	return key;
 };
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/verify.js
-var verify_default = async (alg, key, signature, data) => {
-	const cryptoKey = await get_sign_verify_key_default(alg, key, "verify");
-	check_key_length_default(alg, cryptoKey);
-	const algorithm = subtle_dsa_default(alg, cryptoKey.algorithm);
-	try {
-		return await crypto.subtle.verify(algorithm, cryptoKey, signature, data);
-	} catch {
-		return false;
+function checkKeyType(alg, key, usage) {
+	switch (alg.substring(0, 2)) {
+		case "A1":
+		case "A2":
+		case "di":
+		case "HS":
+		case "PB":
+			symmetricTypeCheck(alg, key, usage);
+			break;
+		default: asymmetricTypeCheck(alg, key, usage);
 	}
-};
+}
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/jws/flattened/verify.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/jws/flattened/verify.js
 async function flattenedVerify(jws, key, options) {
-	if (!is_object_default(jws)) throw new JWSInvalid("Flattened JWS must be an object");
+	if (!isObject(jws)) throw new JWSInvalid("Flattened JWS must be an object");
 	if (jws.protected === void 0 && jws.header === void 0) throw new JWSInvalid("Flattened JWS must have either of the \"protected\" or \"header\" members");
 	if (jws.protected !== void 0 && typeof jws.protected !== "string") throw new JWSInvalid("JWS Protected Header incorrect type");
 	if (jws.payload === void 0) throw new JWSInvalid("JWS Payload missing");
 	if (typeof jws.signature !== "string") throw new JWSInvalid("JWS Signature missing or incorrect type");
-	if (jws.header !== void 0 && !is_object_default(jws.header)) throw new JWSInvalid("JWS Unprotected Header incorrect type");
+	if (jws.header !== void 0 && !isObject(jws.header)) throw new JWSInvalid("JWS Unprotected Header incorrect type");
 	let parsedProt = {};
 	if (jws.protected) try {
 		const protectedHeader = decode(jws.protected);
@@ -2138,12 +2211,12 @@ async function flattenedVerify(jws, key, options) {
 	} catch {
 		throw new JWSInvalid("JWS Protected Header is invalid");
 	}
-	if (!is_disjoint_default(parsedProt, jws.header)) throw new JWSInvalid("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+	if (!isDisjoint(parsedProt, jws.header)) throw new JWSInvalid("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
 	const joseHeader = {
 		...parsedProt,
 		...jws.header
 	};
-	const extensions = validate_crit_default(JWSInvalid, new Map([["b64", true]]), options?.crit, parsedProt, joseHeader);
+	const extensions = validateCrit(JWSInvalid, new Map([["b64", true]]), options?.crit, parsedProt, joseHeader);
 	let b64 = true;
 	if (extensions.has("b64")) {
 		b64 = parsedProt.b64;
@@ -2151,7 +2224,7 @@ async function flattenedVerify(jws, key, options) {
 	}
 	const { alg } = joseHeader;
 	if (typeof alg !== "string" || !alg) throw new JWSInvalid("JWS \"alg\" (Algorithm) Header Parameter missing or invalid");
-	const algorithms = options && validate_algorithms_default("algorithms", options.algorithms);
+	const algorithms = options && validateAlgorithms("algorithms", options.algorithms);
 	if (algorithms && !algorithms.has(alg)) throw new JOSEAlgNotAllowed("\"alg\" (Algorithm) Header Parameter value not allowed");
 	if (b64) {
 		if (typeof jws.payload !== "string") throw new JWSInvalid("JWS Payload must be a string");
@@ -2161,22 +2234,13 @@ async function flattenedVerify(jws, key, options) {
 		key = await key(parsedProt, jws);
 		resolvedKey = true;
 	}
-	check_key_type_default(alg, key, "verify");
-	const data = concat(encoder.encode(jws.protected ?? ""), encoder.encode("."), typeof jws.payload === "string" ? encoder.encode(jws.payload) : jws.payload);
-	let signature;
-	try {
-		signature = decode(jws.signature);
-	} catch {
-		throw new JWSInvalid("Failed to base64url decode the signature");
-	}
-	const k = await normalize_key_default(key, alg);
-	if (!await verify_default(alg, k, signature, data)) throw new JWSSignatureVerificationFailed();
+	checkKeyType(alg, key, "verify");
+	const data = concat(jws.protected !== void 0 ? encode$1(jws.protected) : new Uint8Array(), encode$1("."), typeof jws.payload === "string" ? b64 ? encode$1(jws.payload) : encoder.encode(jws.payload) : jws.payload);
+	const signature = decodeBase64url(jws.signature, "signature", JWSInvalid);
+	const k = await normalizeKey(key, alg);
+	if (!await verify(alg, k, signature, data)) throw new JWSSignatureVerificationFailed();
 	let payload;
-	if (b64) try {
-		payload = decode(jws.payload);
-	} catch {
-		throw new JWSInvalid("Failed to base64url decode the payload");
-	}
+	if (b64) payload = decodeBase64url(jws.payload, "payload", JWSInvalid);
 	else if (typeof jws.payload === "string") payload = encoder.encode(jws.payload);
 	else payload = jws.payload;
 	const result = { payload };
@@ -2189,7 +2253,7 @@ async function flattenedVerify(jws, key, options) {
 	return result;
 }
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/jws/compact/verify.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/jws/compact/verify.js
 async function compactVerify(jws, key, options) {
 	if (jws instanceof Uint8Array) jws = decoder.decode(jws);
 	if (typeof jws !== "string") throw new JWSInvalid("Compact JWS must be a string or Uint8Array");
@@ -2211,17 +2275,15 @@ async function compactVerify(jws, key, options) {
 	return result;
 }
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/epoch.js
-var epoch_default = (date) => Math.floor(date.getTime() / 1e3);
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/secs.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/lib/jwt_claims_set.js
+const epoch = (date) => Math.floor(date.getTime() / 1e3);
 const minute = 60;
 const hour = minute * 60;
 const day = hour * 24;
 const week = day * 7;
 const year = day * 365.25;
 const REGEX = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
-var secs_default = (str) => {
+function secs(str) {
 	const matched = REGEX.exec(str);
 	if (!matched || matched[4] && matched[1]) throw new TypeError("Invalid time period format");
 	const value = parseFloat(matched[2]);
@@ -2265,14 +2327,15 @@ var secs_default = (str) => {
 	}
 	if (matched[1] === "-" || matched[4] === "ago") return -numericDate;
 	return numericDate;
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/jwt_claims_set.js
+}
 function validateInput(label, input) {
 	if (!Number.isFinite(input)) throw new TypeError(`Invalid ${label} input`);
 	return input;
 }
-const normalizeTyp = (value) => value.toLowerCase().replace(/^application\//, "");
+const normalizeTyp = (value) => {
+	if (value.includes("/")) return value.toLowerCase();
+	return `application/${value.toLowerCase()}`;
+};
 const checkAudiencePresence = (audPayload, audOption) => {
 	if (typeof audPayload === "string") return audOption.includes(audPayload);
 	if (Array.isArray(audPayload)) return audOption.some(Set.prototype.has.bind(new Set(audPayload)));
@@ -2283,7 +2346,7 @@ function validateClaimsSet(protectedHeader, encodedPayload, options = {}) {
 	try {
 		payload = JSON.parse(decoder.decode(encodedPayload));
 	} catch {}
-	if (!is_object_default(payload)) throw new JWTInvalid("JWT Claims Set must be a top-level JSON object");
+	if (!isObject(payload)) throw new JWTInvalid("JWT Claims Set must be a top-level JSON object");
 	const { typ } = options;
 	if (typ && (typeof protectedHeader.typ !== "string" || normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) throw new JWTClaimValidationFailed("unexpected \"typ\" JWT header value", payload, "typ", "check_failed");
 	const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;
@@ -2299,7 +2362,7 @@ function validateClaimsSet(protectedHeader, encodedPayload, options = {}) {
 	let tolerance;
 	switch (typeof options.clockTolerance) {
 		case "string":
-			tolerance = secs_default(options.clockTolerance);
+			tolerance = secs(options.clockTolerance);
 			break;
 		case "number":
 			tolerance = options.clockTolerance;
@@ -2310,7 +2373,7 @@ function validateClaimsSet(protectedHeader, encodedPayload, options = {}) {
 		default: throw new TypeError("Invalid clockTolerance option type");
 	}
 	const { currentDate } = options;
-	const now = epoch_default(currentDate || /* @__PURE__ */ new Date());
+	const now = epoch(currentDate || /* @__PURE__ */ new Date());
 	if ((payload.iat !== void 0 || maxTokenAge) && typeof payload.iat !== "number") throw new JWTClaimValidationFailed("\"iat\" claim must be a number", payload, "iat", "invalid");
 	if (payload.nbf !== void 0) {
 		if (typeof payload.nbf !== "number") throw new JWTClaimValidationFailed("\"nbf\" claim must be a number", payload, "nbf", "invalid");
@@ -2322,7 +2385,7 @@ function validateClaimsSet(protectedHeader, encodedPayload, options = {}) {
 	}
 	if (maxTokenAge) {
 		const age = now - payload.iat;
-		const max = typeof maxTokenAge === "number" ? maxTokenAge : secs_default(maxTokenAge);
+		const max = typeof maxTokenAge === "number" ? maxTokenAge : secs(maxTokenAge);
 		if (age - tolerance > max) throw new JWTExpired("\"iat\" claim timestamp check failed (too far in the past)", payload, "iat", "check_failed");
 		if (age < 0 - tolerance) throw new JWTClaimValidationFailed("\"iat\" claim timestamp check failed (it should be in the past)", payload, "iat", "check_failed");
 	}
@@ -2331,7 +2394,7 @@ function validateClaimsSet(protectedHeader, encodedPayload, options = {}) {
 var JWTClaimsBuilder = class {
 	#payload;
 	constructor(payload) {
-		if (!is_object_default(payload)) throw new TypeError("JWT Claims Set MUST be an object");
+		if (!isObject(payload)) throw new TypeError("JWT Claims Set MUST be an object");
 		this.#payload = structuredClone(payload);
 	}
 	data() {
@@ -2360,23 +2423,23 @@ var JWTClaimsBuilder = class {
 	}
 	set nbf(value) {
 		if (typeof value === "number") this.#payload.nbf = validateInput("setNotBefore", value);
-		else if (value instanceof Date) this.#payload.nbf = validateInput("setNotBefore", epoch_default(value));
-		else this.#payload.nbf = epoch_default(/* @__PURE__ */ new Date()) + secs_default(value);
+		else if (value instanceof Date) this.#payload.nbf = validateInput("setNotBefore", epoch(value));
+		else this.#payload.nbf = epoch(/* @__PURE__ */ new Date()) + secs(value);
 	}
 	set exp(value) {
 		if (typeof value === "number") this.#payload.exp = validateInput("setExpirationTime", value);
-		else if (value instanceof Date) this.#payload.exp = validateInput("setExpirationTime", epoch_default(value));
-		else this.#payload.exp = epoch_default(/* @__PURE__ */ new Date()) + secs_default(value);
+		else if (value instanceof Date) this.#payload.exp = validateInput("setExpirationTime", epoch(value));
+		else this.#payload.exp = epoch(/* @__PURE__ */ new Date()) + secs(value);
 	}
 	set iat(value) {
-		if (typeof value === "undefined") this.#payload.iat = epoch_default(/* @__PURE__ */ new Date());
-		else if (value instanceof Date) this.#payload.iat = validateInput("setIssuedAt", epoch_default(value));
-		else if (typeof value === "string") this.#payload.iat = validateInput("setIssuedAt", epoch_default(/* @__PURE__ */ new Date()) + secs_default(value));
+		if (value === void 0) this.#payload.iat = epoch(/* @__PURE__ */ new Date());
+		else if (value instanceof Date) this.#payload.iat = validateInput("setIssuedAt", epoch(value));
+		else if (typeof value === "string") this.#payload.iat = validateInput("setIssuedAt", epoch(/* @__PURE__ */ new Date()) + secs(value));
 		else this.#payload.iat = validateInput("setIssuedAt", value);
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/jwt/verify.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/jwt/verify.js
 async function jwtVerify(jwt, key, options) {
 	const verified = await compactVerify(jwt, key, options);
 	if (verified.protectedHeader.crit?.includes("b64") && verified.protectedHeader.b64 === false) throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
@@ -2391,15 +2454,7 @@ async function jwtVerify(jwt, key, options) {
 	return result;
 }
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/sign.js
-var sign_default = async (alg, key, data) => {
-	const cryptoKey = await get_sign_verify_key_default(alg, key, "sign");
-	check_key_length_default(alg, cryptoKey);
-	const signature = await crypto.subtle.sign(subtle_dsa_default(alg, cryptoKey.algorithm), cryptoKey, data);
-	return new Uint8Array(signature);
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/jws/flattened/sign.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/jws/flattened/sign.js
 var FlattenedSign = class {
 	#payload;
 	#protectedHeader;
@@ -2409,23 +2464,23 @@ var FlattenedSign = class {
 		this.#payload = payload;
 	}
 	setProtectedHeader(protectedHeader) {
-		if (this.#protectedHeader) throw new TypeError("setProtectedHeader can only be called once");
+		assertNotSet(this.#protectedHeader, "setProtectedHeader");
 		this.#protectedHeader = protectedHeader;
 		return this;
 	}
 	setUnprotectedHeader(unprotectedHeader) {
-		if (this.#unprotectedHeader) throw new TypeError("setUnprotectedHeader can only be called once");
+		assertNotSet(this.#unprotectedHeader, "setUnprotectedHeader");
 		this.#unprotectedHeader = unprotectedHeader;
 		return this;
 	}
 	async sign(key, options) {
 		if (!this.#protectedHeader && !this.#unprotectedHeader) throw new JWSInvalid("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");
-		if (!is_disjoint_default(this.#protectedHeader, this.#unprotectedHeader)) throw new JWSInvalid("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+		if (!isDisjoint(this.#protectedHeader, this.#unprotectedHeader)) throw new JWSInvalid("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
 		const joseHeader = {
 			...this.#protectedHeader,
 			...this.#unprotectedHeader
 		};
-		const extensions = validate_crit_default(JWSInvalid, new Map([["b64", true]]), options?.crit, this.#protectedHeader, joseHeader);
+		const extensions = validateCrit(JWSInvalid, new Map([["b64", true]]), options?.crit, this.#protectedHeader, joseHeader);
 		let b64 = true;
 		if (extensions.has("b64")) {
 			b64 = this.#protectedHeader.b64;
@@ -2433,25 +2488,37 @@ var FlattenedSign = class {
 		}
 		const { alg } = joseHeader;
 		if (typeof alg !== "string" || !alg) throw new JWSInvalid("JWS \"alg\" (Algorithm) Header Parameter missing or invalid");
-		check_key_type_default(alg, key, "sign");
-		let payload = this.#payload;
-		if (b64) payload = encoder.encode(encode(payload));
-		let protectedHeader;
-		if (this.#protectedHeader) protectedHeader = encoder.encode(encode(JSON.stringify(this.#protectedHeader)));
-		else protectedHeader = encoder.encode("");
-		const data = concat(protectedHeader, encoder.encode("."), payload);
+		checkKeyType(alg, key, "sign");
+		let payloadS;
+		let payloadB;
+		if (b64) {
+			payloadS = encode(this.#payload);
+			payloadB = encode$1(payloadS);
+		} else {
+			payloadB = this.#payload;
+			payloadS = "";
+		}
+		let protectedHeaderString;
+		let protectedHeaderBytes;
+		if (this.#protectedHeader) {
+			protectedHeaderString = encode(JSON.stringify(this.#protectedHeader));
+			protectedHeaderBytes = encode$1(protectedHeaderString);
+		} else {
+			protectedHeaderString = "";
+			protectedHeaderBytes = new Uint8Array();
+		}
+		const data = concat(protectedHeaderBytes, encode$1("."), payloadB);
 		const jws = {
-			signature: encode(await sign_default(alg, await normalize_key_default(key, alg), data)),
-			payload: ""
+			signature: encode(await sign(alg, await normalizeKey(key, alg), data)),
+			payload: payloadS
 		};
-		if (b64) jws.payload = decoder.decode(payload);
 		if (this.#unprotectedHeader) jws.header = this.#unprotectedHeader;
-		if (this.#protectedHeader) jws.protected = decoder.decode(protectedHeader);
+		if (this.#protectedHeader) jws.protected = protectedHeaderString;
 		return jws;
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/jws/compact/sign.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/jws/compact/sign.js
 var CompactSign = class {
 	#flattened;
 	constructor(payload) {
@@ -2468,7 +2535,7 @@ var CompactSign = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/jwt/sign.js
+//#region ../../node_modules/.pnpm/jose@6.2.3/node_modules/jose/dist/webapi/jwt/sign.js
 var SignJWT = class {
 	#protectedHeader;
 	#jwt;