hono 4.11.2 → 4.11.4

package/dist/cjs/middleware/jwk/jwk.js

@@ -93,7 +93,11 @@ const jwk = (options, init) => {
     try {
       const keys = typeof options.keys === "function" ? await options.keys(ctx) : options.keys;
       const jwks_uri = typeof options.jwks_uri === "function" ? await options.jwks_uri(ctx) : options.jwks_uri;
-      payload = await import_jwt.Jwt.verifyWithJwks(token, { keys, jwks_uri, verification: verifyOpts }, init);
+      payload = await import_jwt.Jwt.verifyWithJwks(
+        token,
+        { keys, jwks_uri, verification: verifyOpts, allowedAlgorithms: options.alg },
+        init
+      );
     } catch (e) {
       cause = e;
     }

package/dist/cjs/middleware/jwt/jwt.js

@@ -34,6 +34,9 @@ const jwt = (options) => {
   if (!options || !options.secret) {
     throw new Error('JWT auth middleware requires options for "secret"');
   }
+  if (!options.alg) {
+    throw new Error('JWT auth middleware requires options for "alg"');
+  }
   if (!crypto.subtle || !crypto.subtle.importKey) {
     throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");
   }

package/dist/cjs/utils/jwt/jwt.js

@@ -56,14 +56,20 @@ const sign = async (payload, privateKey, alg = "HS256") => {
   return `${partialToken}.${signature}`;
 };
 const verify = async (token, publicKey, algOrOptions) => {
+  if (!algOrOptions) {
+    throw new import_types.JwtAlgorithmRequired();
+  }
   const {
-    alg = "HS256",
+    alg,
     iss,
     nbf = true,
     exp = true,
     iat = true,
     aud
-  } = typeof algOrOptions === "string" ? { alg: algOrOptions } : algOrOptions || {};
+  } = typeof algOrOptions === "string" ? { alg: algOrOptions } : algOrOptions;
+  if (!alg) {
+    throw new import_types.JwtAlgorithmRequired();
+  }
   const tokenParts = token.split(".");
   if (tokenParts.length !== 3) {
     throw new import_types.JwtTokenInvalid(token);
@@ -72,6 +78,9 @@ const verify = async (token, publicKey, algOrOptions) => {
   if (!isTokenHeader(header)) {
     throw new import_types.JwtHeaderInvalid(header);
   }
+  if (header.alg !== alg) {
+    throw new import_types.JwtAlgorithmMismatch(alg, header.alg);
+  }
   const now = Date.now() / 1e3 | 0;
   if (nbf && payload.nbf && payload.nbf > now) {
     throw new import_types.JwtTokenNotBefore(token);
@@ -117,6 +126,11 @@ const verify = async (token, publicKey, algOrOptions) => {
   }
   return payload;
 };
+const symmetricAlgorithms = [
+  import_jwa.AlgorithmTypes.HS256,
+  import_jwa.AlgorithmTypes.HS384,
+  import_jwa.AlgorithmTypes.HS512
+];
 const verifyWithJwks = async (token, options, init) => {
   const verifyOpts = options.verification || {};
   const header = decodeHeader(token);
@@ -126,6 +140,12 @@ const verifyWithJwks = async (token, options, init) => {
   if (!header.kid) {
     throw new import_types.JwtHeaderRequiresKid(header);
   }
+  if (symmetricAlgorithms.includes(header.alg)) {
+    throw new import_types.JwtSymmetricAlgorithmNotAllowed(header.alg);
+  }
+  if (!options.allowedAlgorithms.includes(header.alg)) {
+    throw new import_types.JwtAlgorithmNotAllowed(header.alg, options.allowedAlgorithms);
+  }
   if (options.jwks_uri) {
     const response = await fetch(options.jwks_uri, init);
     if (!response.ok) {
@@ -150,8 +170,11 @@ const verifyWithJwks = async (token, options, init) => {
   if (!matchingKey) {
     throw new import_types.JwtTokenInvalid(token);
   }
+  if (matchingKey.alg && matchingKey.alg !== header.alg) {
+    throw new import_types.JwtAlgorithmMismatch(matchingKey.alg, header.alg);
+  }
   return await verify(token, matchingKey, {
-    alg: matchingKey.alg || header.alg,
+    alg: header.alg,
     ...verifyOpts
   });
 };

package/dist/cjs/utils/jwt/types.js

@@ -19,10 +19,14 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var types_exports = {};
 __export(types_exports, {
   CryptoKeyUsage: () => CryptoKeyUsage,
+  JwtAlgorithmMismatch: () => JwtAlgorithmMismatch,
+  JwtAlgorithmNotAllowed: () => JwtAlgorithmNotAllowed,
   JwtAlgorithmNotImplemented: () => JwtAlgorithmNotImplemented,
+  JwtAlgorithmRequired: () => JwtAlgorithmRequired,
   JwtHeaderInvalid: () => JwtHeaderInvalid,
   JwtHeaderRequiresKid: () => JwtHeaderRequiresKid,
   JwtPayloadRequiresAud: () => JwtPayloadRequiresAud,
+  JwtSymmetricAlgorithmNotAllowed: () => JwtSymmetricAlgorithmNotAllowed,
   JwtTokenAudience: () => JwtTokenAudience,
   JwtTokenExpired: () => JwtTokenExpired,
   JwtTokenInvalid: () => JwtTokenInvalid,
@@ -38,6 +42,18 @@ class JwtAlgorithmNotImplemented extends Error {
     this.name = "JwtAlgorithmNotImplemented";
   }
 }
+class JwtAlgorithmRequired extends Error {
+  constructor() {
+    super('JWT verification requires "alg" option to be specified');
+    this.name = "JwtAlgorithmRequired";
+  }
+}
+class JwtAlgorithmMismatch extends Error {
+  constructor(expected, actual) {
+    super(`JWT algorithm mismatch: expected "${expected}", got "${actual}"`);
+    this.name = "JwtAlgorithmMismatch";
+  }
+}
 class JwtTokenInvalid extends Error {
   constructor(token) {
     super(`invalid JWT token: ${token}`);
@@ -82,6 +98,18 @@ class JwtHeaderRequiresKid extends Error {
     this.name = "JwtHeaderRequiresKid";
   }
 }
+class JwtSymmetricAlgorithmNotAllowed extends Error {
+  constructor(alg) {
+    super(`symmetric algorithm "${alg}" is not allowed for JWK verification`);
+    this.name = "JwtSymmetricAlgorithmNotAllowed";
+  }
+}
+class JwtAlgorithmNotAllowed extends Error {
+  constructor(alg, allowedAlgorithms) {
+    super(`algorithm "${alg}" is not in the allowed list: [${allowedAlgorithms.join(", ")}]`);
+    this.name = "JwtAlgorithmNotAllowed";
+  }
+}
 class JwtTokenSignatureMismatched extends Error {
   constructor(token) {
     super(`token(${token}) signature mismatched`);
@@ -116,10 +144,14 @@ var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   CryptoKeyUsage,
+  JwtAlgorithmMismatch,
+  JwtAlgorithmNotAllowed,
   JwtAlgorithmNotImplemented,
+  JwtAlgorithmRequired,
   JwtHeaderInvalid,
   JwtHeaderRequiresKid,
   JwtPayloadRequiresAud,
+  JwtSymmetricAlgorithmNotAllowed,
   JwtTokenAudience,
   JwtTokenExpired,
   JwtTokenInvalid,

package/dist/middleware/jwk/jwk.js

@@ -71,7 +71,11 @@ var jwk = (options, init) => {
     try {
       const keys = typeof options.keys === "function" ? await options.keys(ctx) : options.keys;
       const jwks_uri = typeof options.jwks_uri === "function" ? await options.jwks_uri(ctx) : options.jwks_uri;
-      payload = await Jwt.verifyWithJwks(token, { keys, jwks_uri, verification: verifyOpts }, init);
+      payload = await Jwt.verifyWithJwks(
+        token,
+        { keys, jwks_uri, verification: verifyOpts, allowedAlgorithms: options.alg },
+        init
+      );
     } catch (e) {
       cause = e;
     }

package/dist/middleware/jwt/jwt.js

@@ -8,6 +8,9 @@ var jwt = (options) => {
   if (!options || !options.secret) {
     throw new Error('JWT auth middleware requires options for "secret"');
   }
+  if (!options.alg) {
+    throw new Error('JWT auth middleware requires options for "alg"');
+  }
   if (!crypto.subtle || !crypto.subtle.importKey) {
     throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");
   }

package/dist/types/adapter/bun/websocket.d.ts

@@ -32,7 +32,7 @@ export declare const createWSContext: (ws: BunServerWebSocket<BunWebSocketData>)
 export declare const upgradeWebSocket: UpgradeWebSocket<any>;
 export declare const websocket: BunWebSocketHandler<BunWebSocketData>;
 /**
- * @deprecated Import `createWebSocket` and `websocket` directly from `hono/bun` instead.
+ * @deprecated Import `upgradeWebSocket` and `websocket` directly from `hono/bun` instead.
  * @returns A function to create a Bun WebSocket handler.
  */
 export declare const createBunWebSocket: <T>() => CreateWebSocket<T>;

package/dist/types/middleware/jwk/jwk.d.ts

@@ -6,6 +6,7 @@ import type { Context } from '../../context';
 import type { MiddlewareHandler } from '../../types';
 import type { CookiePrefixOptions } from '../../utils/cookie';
 import '../../context';
+import type { AsymmetricAlgorithm } from '../../utils/jwt/jwa';
 import type { HonoJsonWebKey } from '../../utils/jwt/jws';
 import type { VerifyOptions } from '../../utils/jwt/jwt';
 /**
@@ -19,6 +20,7 @@ import type { VerifyOptions } from '../../utils/jwt/jwt';
  * @param {boolean} [options.allow_anon] - If set to `true`, the middleware allows requests without a token to proceed without authentication.
  * @param {string} [options.cookie] - If set, the middleware attempts to retrieve the token from a cookie with these options (optionally signed) only if no token is found in the header.
  * @param {string} [options.headerName='Authorization'] - The name of the header to look for the JWT token. Default is 'Authorization'.
+ * @param {AsymmetricAlgorithm[]} options.alg - An array of allowed asymmetric algorithms for JWT verification. Only tokens signed with these algorithms will be accepted.
  * @param {RequestInit} [init] - Optional init options for the `fetch` request when retrieving JWKS from a URI.
  * @param {VerifyOptions} [options.verification] - Additional options for JWK payload verification.
  * @returns {MiddlewareHandler} The middleware handler function.
@@ -47,5 +49,6 @@ export declare const jwk: (options: {
         prefixOptions?: CookiePrefixOptions;
     };
     headerName?: string;
+    alg: AsymmetricAlgorithm[];
     verification?: VerifyOptions;
 }, init?: RequestInit) => MiddlewareHandler;

package/dist/types/middleware/jwt/jwt.d.ts

@@ -19,7 +19,7 @@ export type JwtVariables<T = any> = {
  * @param {object} options - The options for the JWT middleware.
  * @param {SignatureKey} [options.secret] - A value of your secret key.
  * @param {string} [options.cookie] - If this value is set, then the value is retrieved from the cookie header using that value as a key, which is then validated as a token.
- * @param {SignatureAlgorithm} [options.alg=HS256] - An algorithm type that is used for verifying. Available types are `HS256` | `HS384` | `HS512` | `RS256` | `RS384` | `RS512` | `PS256` | `PS384` | `PS512` | `ES256` | `ES384` | `ES512` | `EdDSA`.
+ * @param {SignatureAlgorithm} options.alg - An algorithm type that is used for verifying (required). Available types are `HS256` | `HS384` | `HS512` | `RS256` | `RS384` | `RS512` | `PS256` | `PS384` | `PS512` | `ES256` | `ES384` | `ES512` | `EdDSA`.
  * @param {string} [options.headerName='Authorization'] - The name of the header to look for the JWT token. Default is 'Authorization'.
  * @param {VerifyOptions} [options.verification] - Additional options for JWT payload verification.
  * @returns {MiddlewareHandler} The middleware handler function.
@@ -32,6 +32,7 @@ export type JwtVariables<T = any> = {
  *   '/auth/*',
  *   jwt({
  *     secret: 'it-is-very-secret',
+ *     alg: 'HS256',
  *     headerName: 'x-custom-auth-header', // Optional, default is 'Authorization'
  *   })
  * )
@@ -48,7 +49,7 @@ export declare const jwt: (options: {
         secret?: string | BufferSource;
         prefixOptions?: CookiePrefixOptions;
     };
-    alg?: SignatureAlgorithm;
+    alg: SignatureAlgorithm;
     headerName?: string;
     verification?: VerifyOptions;
 }) => MiddlewareHandler;
@@ -56,8 +57,9 @@ export declare const verifyWithJwks: (token: string, options: {
     keys?: import("../../utils/jwt/jws").HonoJsonWebKey[];
     jwks_uri?: string;
     verification?: VerifyOptions;
+    allowedAlgorithms: import("../../utils/jwt/jwa").AsymmetricAlgorithm[];
 }, init?: RequestInit) => Promise<import("../../utils/jwt/types").JWTPayload>;
-export declare const verify: (token: string, publicKey: SignatureKey, algOrOptions?: SignatureAlgorithm | import("../../utils/jwt/jwt").VerifyOptionsWithAlg) => Promise<import("../../utils/jwt/types").JWTPayload>;
+export declare const verify: (token: string, publicKey: SignatureKey, algOrOptions: SignatureAlgorithm | import("../../utils/jwt/jwt").VerifyOptionsWithAlg) => Promise<import("../../utils/jwt/types").JWTPayload>;
 export declare const decode: (token: string) => {
     header: import("../../utils/jwt/jwt").TokenHeader;
     payload: import("../../utils/jwt/types").JWTPayload;

package/dist/types/types.d.ts

@@ -532,7 +532,8 @@ export type TypedResponse<T = unknown, U extends StatusCode = StatusCode, F exte
     _format: F;
 };
 type MergeTypedResponse<T> = T extends Promise<void> ? T : T extends Promise<infer T2> ? T2 extends TypedResponse ? T2 : TypedResponse : T extends TypedResponse ? T : TypedResponse;
-type MergeMiddlewareResponse<T> = T extends (c: any, next: any) => Promise<infer R> ? Exclude<R, void> extends never ? never : Exclude<R, void> extends TypedResponse ? Exclude<R, void> : never : T extends (c: any, next: any) => infer R ? R extends TypedResponse ? R : never : never;
+type ExtractTypedResponseOnly<T> = T extends TypedResponse ? T : never;
+type MergeMiddlewareResponse<T> = T extends (c: any, next: any) => Promise<infer R> ? Exclude<R, void> extends never ? never : Exclude<R, void> extends Response | TypedResponse<any, any, any> ? ExtractTypedResponseOnly<Exclude<R, void>> : never : T extends (c: any, next: any) => infer R ? R extends Response | TypedResponse<any, any, any> ? ExtractTypedResponseOnly<R> : never : never;
 export type FormValue = string | Blob;
 export type ParsedFormValue = string | File;
 export type ValidationTargets<T extends FormValue = ParsedFormValue, P extends string = string> = {

package/dist/types/utils/jwt/index.d.ts

@@ -4,7 +4,7 @@
  */
 export declare const Jwt: {
     sign: (payload: import("./types").JWTPayload, privateKey: import("./jws").SignatureKey, alg?: import("./jwa").SignatureAlgorithm) => Promise<string>;
-    verify: (token: string, publicKey: import("./jws").SignatureKey, algOrOptions?: import("./jwa").SignatureAlgorithm | import("./jwt").VerifyOptionsWithAlg) => Promise<import("./types").JWTPayload>;
+    verify: (token: string, publicKey: import("./jws").SignatureKey, algOrOptions: import("./jwa").SignatureAlgorithm | import("./jwt").VerifyOptionsWithAlg) => Promise<import("./types").JWTPayload>;
     decode: (token: string) => {
         header: import("./jwt").TokenHeader;
         payload: import("./types").JWTPayload;
@@ -13,5 +13,6 @@ export declare const Jwt: {
         keys?: import("./jws").HonoJsonWebKey[];
         jwks_uri?: string;
         verification?: import("./jwt").VerifyOptions;
+        allowedAlgorithms: import("./jwa").AsymmetricAlgorithm[];
     }, init?: RequestInit) => Promise<import("./types").JWTPayload>;
 };

package/dist/types/utils/jwt/jwa.d.ts

@@ -19,3 +19,5 @@ export declare enum AlgorithmTypes {
     EdDSA = "EdDSA"
 }
 export type SignatureAlgorithm = keyof typeof AlgorithmTypes;
+export type SymmetricAlgorithm = 'HS256' | 'HS384' | 'HS512';
+export type AsymmetricAlgorithm = 'RS256' | 'RS384' | 'RS512' | 'PS256' | 'PS384' | 'PS512' | 'ES256' | 'ES384' | 'ES512' | 'EdDSA';

package/dist/types/utils/jwt/jwt.d.ts

@@ -3,7 +3,7 @@
  * JSON Web Token (JWT)
  * https://datatracker.ietf.org/doc/html/rfc7519
  */
-import type { SignatureAlgorithm } from './jwa';
+import type { AsymmetricAlgorithm, SignatureAlgorithm } from './jwa';
 import type { HonoJsonWebKey, SignatureKey } from './jws';
 import type { JWTPayload } from './types';
 export interface TokenHeader {
@@ -27,13 +27,14 @@ export type VerifyOptions = {
 };
 export type VerifyOptionsWithAlg = {
     /** The algorithm used for decoding the token */
-    alg?: SignatureAlgorithm;
+    alg: SignatureAlgorithm;
 } & VerifyOptions;
-export declare const verify: (token: string, publicKey: SignatureKey, algOrOptions?: SignatureAlgorithm | VerifyOptionsWithAlg) => Promise<JWTPayload>;
+export declare const verify: (token: string, publicKey: SignatureKey, algOrOptions: SignatureAlgorithm | VerifyOptionsWithAlg) => Promise<JWTPayload>;
 export declare const verifyWithJwks: (token: string, options: {
     keys?: HonoJsonWebKey[];
     jwks_uri?: string;
     verification?: VerifyOptions;
+    allowedAlgorithms: AsymmetricAlgorithm[];
 }, init?: RequestInit) => Promise<JWTPayload>;
 export declare const decode: (token: string) => {
     header: TokenHeader;

package/dist/types/utils/jwt/types.d.ts

@@ -5,6 +5,12 @@
 export declare class JwtAlgorithmNotImplemented extends Error {
     constructor(alg: string);
 }
+export declare class JwtAlgorithmRequired extends Error {
+    constructor();
+}
+export declare class JwtAlgorithmMismatch extends Error {
+    constructor(expected: string, actual: string);
+}
 export declare class JwtTokenInvalid extends Error {
     constructor(token: string);
 }
@@ -26,6 +32,12 @@ export declare class JwtHeaderInvalid extends Error {
 export declare class JwtHeaderRequiresKid extends Error {
     constructor(header: object);
 }
+export declare class JwtSymmetricAlgorithmNotAllowed extends Error {
+    constructor(alg: string);
+}
+export declare class JwtAlgorithmNotAllowed extends Error {
+    constructor(alg: string, allowedAlgorithms: string[]);
+}
 export declare class JwtTokenSignatureMismatched extends Error {
     constructor(token: string);
 }

package/dist/utils/jwt/jwt.js

@@ -3,9 +3,13 @@ import { decodeBase64Url, encodeBase64Url } from "../../utils/encode.js";
 import { AlgorithmTypes } from "./jwa.js";
 import { signing, verifying } from "./jws.js";
 import {
+  JwtAlgorithmMismatch,
+  JwtAlgorithmNotAllowed,
+  JwtAlgorithmRequired,
   JwtHeaderInvalid,
   JwtHeaderRequiresKid,
   JwtPayloadRequiresAud,
+  JwtSymmetricAlgorithmNotAllowed,
   JwtTokenAudience,
   JwtTokenExpired,
   JwtTokenInvalid,
@@ -40,14 +44,20 @@ var sign = async (payload, privateKey, alg = "HS256") => {
   return `${partialToken}.${signature}`;
 };
 var verify = async (token, publicKey, algOrOptions) => {
+  if (!algOrOptions) {
+    throw new JwtAlgorithmRequired();
+  }
   const {
-    alg = "HS256",
+    alg,
     iss,
     nbf = true,
     exp = true,
     iat = true,
     aud
-  } = typeof algOrOptions === "string" ? { alg: algOrOptions } : algOrOptions || {};
+  } = typeof algOrOptions === "string" ? { alg: algOrOptions } : algOrOptions;
+  if (!alg) {
+    throw new JwtAlgorithmRequired();
+  }
   const tokenParts = token.split(".");
   if (tokenParts.length !== 3) {
     throw new JwtTokenInvalid(token);
@@ -56,6 +66,9 @@ var verify = async (token, publicKey, algOrOptions) => {
   if (!isTokenHeader(header)) {
     throw new JwtHeaderInvalid(header);
   }
+  if (header.alg !== alg) {
+    throw new JwtAlgorithmMismatch(alg, header.alg);
+  }
   const now = Date.now() / 1e3 | 0;
   if (nbf && payload.nbf && payload.nbf > now) {
     throw new JwtTokenNotBefore(token);
@@ -101,6 +114,11 @@ var verify = async (token, publicKey, algOrOptions) => {
   }
   return payload;
 };
+var symmetricAlgorithms = [
+  AlgorithmTypes.HS256,
+  AlgorithmTypes.HS384,
+  AlgorithmTypes.HS512
+];
 var verifyWithJwks = async (token, options, init) => {
   const verifyOpts = options.verification || {};
   const header = decodeHeader(token);
@@ -110,6 +128,12 @@ var verifyWithJwks = async (token, options, init) => {
   if (!header.kid) {
     throw new JwtHeaderRequiresKid(header);
   }
+  if (symmetricAlgorithms.includes(header.alg)) {
+    throw new JwtSymmetricAlgorithmNotAllowed(header.alg);
+  }
+  if (!options.allowedAlgorithms.includes(header.alg)) {
+    throw new JwtAlgorithmNotAllowed(header.alg, options.allowedAlgorithms);
+  }
   if (options.jwks_uri) {
     const response = await fetch(options.jwks_uri, init);
     if (!response.ok) {
@@ -134,8 +158,11 @@ var verifyWithJwks = async (token, options, init) => {
   if (!matchingKey) {
     throw new JwtTokenInvalid(token);
   }
+  if (matchingKey.alg && matchingKey.alg !== header.alg) {
+    throw new JwtAlgorithmMismatch(matchingKey.alg, header.alg);
+  }
   return await verify(token, matchingKey, {
-    alg: matchingKey.alg || header.alg,
+    alg: header.alg,
     ...verifyOpts
   });
 };

package/dist/utils/jwt/types.js

@@ -5,6 +5,18 @@ var JwtAlgorithmNotImplemented = class extends Error {
     this.name = "JwtAlgorithmNotImplemented";
   }
 };
+var JwtAlgorithmRequired = class extends Error {
+  constructor() {
+    super('JWT verification requires "alg" option to be specified');
+    this.name = "JwtAlgorithmRequired";
+  }
+};
+var JwtAlgorithmMismatch = class extends Error {
+  constructor(expected, actual) {
+    super(`JWT algorithm mismatch: expected "${expected}", got "${actual}"`);
+    this.name = "JwtAlgorithmMismatch";
+  }
+};
 var JwtTokenInvalid = class extends Error {
   constructor(token) {
     super(`invalid JWT token: ${token}`);
@@ -49,6 +61,18 @@ var JwtHeaderRequiresKid = class extends Error {
     this.name = "JwtHeaderRequiresKid";
   }
 };
+var JwtSymmetricAlgorithmNotAllowed = class extends Error {
+  constructor(alg) {
+    super(`symmetric algorithm "${alg}" is not allowed for JWK verification`);
+    this.name = "JwtSymmetricAlgorithmNotAllowed";
+  }
+};
+var JwtAlgorithmNotAllowed = class extends Error {
+  constructor(alg, allowedAlgorithms) {
+    super(`algorithm "${alg}" is not in the allowed list: [${allowedAlgorithms.join(", ")}]`);
+    this.name = "JwtAlgorithmNotAllowed";
+  }
+};
 var JwtTokenSignatureMismatched = class extends Error {
   constructor(token) {
     super(`token(${token}) signature mismatched`);
@@ -82,10 +106,14 @@ var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
 })(CryptoKeyUsage || {});
 export {
   CryptoKeyUsage,
+  JwtAlgorithmMismatch,
+  JwtAlgorithmNotAllowed,
   JwtAlgorithmNotImplemented,
+  JwtAlgorithmRequired,
   JwtHeaderInvalid,
   JwtHeaderRequiresKid,
   JwtPayloadRequiresAud,
+  JwtSymmetricAlgorithmNotAllowed,
   JwtTokenAudience,
   JwtTokenExpired,
   JwtTokenInvalid,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hono",
-  "version": "4.11.2",
+  "version": "4.11.4",
   "description": "Web framework built on Web Standards",
   "main": "dist/cjs/index.js",
   "type": "module",
@@ -656,7 +656,7 @@
     "nodejs"
   ],
   "devDependencies": {
-    "@hono/eslint-config": "^2.0.3",
+    "@hono/eslint-config": "^2.0.5",
     "@hono/node-server": "^1.13.5",
     "@types/glob": "^9.0.0",
     "@types/jsdom": "^21.1.7",