Sourced from oauth4webapi's releases.

v3.8.1

Fixes

• DPoP: add header JWK alg and pub when using ML-DSA keys (90a702e)

Sourced from oauth4webapi's changelog.

3.8.1 (2025-08-29)

Fixes

• DPoP: add header JWK alg and pub when using ML-DSA keys (90a702e)

• be2190f chore(release): 3.8.1
• 90a702e fix(DPoP): add header JWK alg and pub when using ML-DSA keys
• d8ce65d test: fix isNodeVersionAtLeast
• 49ca39f chore: cleanup after release
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)