auth0
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 24 additions & 2 deletions b/‎CHANGELOG.md‎
Lines changed: 24 additions & 2 deletions
diff --git a/‎package.json‎
Lines changed: 2 additions & 2 deletions b/‎package.json‎
Lines changed: 2 additions & 2 deletions
@@ -2,3 +2,4 @@ node_modules
 /test/keys
 /test/*.pem
 /test/encrypted-key-passphrase
+package-lock.json
@@ -1,8 +1,29 @@
 # Change Log
+
 All notable changes to this project will be documented in this file.
 
+## [4.0.1]
+
+### Changed
+
+- Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require
+ that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)
+ when using HMAC algorithms.
+- Upgrading JWA version to 2.0.1, adressing a compatibility issue for Node >= 25.
+
+## [3.2.3]
+
+### Changed
+
+- Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require
+ that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)
+ when using HMAC algorithms.
+- Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.
+
 ## [3.0.0]
+
 ### Changed
+
 - **BREAKING**: `jwt.verify` now requires an `algorithm` parameter, and
  `jws.createVerify` requires an `algorithm` option. The `"alg"` field
  signature headers is ignored. This mitigates a critical security flaw
@@ -12,7 +33,9 @@ All notable changes to this project will be documented in this file.
  for details.
 
 ## [2.0.0] - 2015-01-30
+
 ### Changed
+
 - **BREAKING**: Default payload encoding changed from `binary` to
  `utf8`. `utf8` is a is a more sensible default than `binary` because
  many payloads, as far as I can tell, will contain user-facing
@@ -21,14 +44,13 @@ All notable changes to this project will be documented in this file.
 - Code reorganization, thanks [@fearphage]! (<code>[7880050]</code>)
 
 ### Added
+
 - Option in all relevant methods for `encoding`. For those few users
  that might be depending on a `binary` encoding of the messages, this
  is for them. (<code>[6b6de48]</code>)
 
 [unreleased]: https://github.com/brianloveswords/node-jws/compare/v2.0.0...HEAD
 [2.0.0]: https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0
-
 [7880050]: https://github.com/brianloveswords/node-jws/commit/7880050
 [6b6de48]: https://github.com/brianloveswords/node-jws/commit/6b6de48
-
 [@fearphage]: https://github.com/fearphage
@@ -1,6 +1,6 @@
 {
  "name": "jws",
- "version": "4.0.0",
+ "version": "4.0.1",
  "description": "Implementation of JSON Web Signatures",
  "main": "index.js",
  "directories": {
@@ -24,7 +24,7 @@
  "readmeFilename": "readme.md",
  "gitHead": "c0f6b27bcea5a2ad2e304d91c2e842e4076a6b03",
  "dependencies": {
- "jwa": "^2.0.0",
+ "jwa": "^2.0.1",
  "safe-buffer": "^5.0.1"
  },
  "devDependencies": {