chore(deps): update dependencies and pin JWT algorithm

Update all dependencies to latest patch/minor versions. Explicitly specify HS256 algorithm in JWT verify to prevent algorithm confusion attacks. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
author: nsfisis <nsfisis@gmail.com> 2026-02-04 22:40:59 +0900
committer: nsfisis <nsfisis@gmail.com> 2026-02-04 22:43:15 +0900
commit: 7796e56971f193d40b2bc5e1ee414108e16c04c2 (patch)
tree: 1253f100206f56394ef91aa9b3e46ef054646e04 /src/server/middleware
parent: a99f71ab1d08145c21c0738ce3b61006e5536a63 (diff)
download: kioku-7796e56971f193d40b2bc5e1ee414108e16c04c2.tar.gz
kioku-7796e56971f193d40b2bc5e1ee414108e16c04c2.tar.zst
kioku-7796e56971f193d40b2bc5e1ee414108e16c04c2.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/server/middleware/auth.ts b/src/server/middleware/auth.ts
index bb85b35..3ddadd6 100644
--- a/src/server/middleware/auth.ts
+++ b/src/server/middleware/auth.ts
@@ -44,6 +44,7 @@ export async function authMiddleware(c: Context, next: Next) {
 		const payload = (await verify(
 			token,
 			getJwtSecret(),
+			"HS256",
 		)) as unknown as JWTPayload;
 
 		const user: AuthUser = {
author	nsfisis <nsfisis@gmail.com>	2026-02-04 22:40:59 +0900
committer	nsfisis <nsfisis@gmail.com>	2026-02-04 22:43:15 +0900
commit	7796e56971f193d40b2bc5e1ee414108e16c04c2 (patch)
tree	1253f100206f56394ef91aa9b3e46ef054646e04 /src/server/middleware
parent	a99f71ab1d08145c21c0738ce3b61006e5536a63 (diff)
download	kioku-7796e56971f193d40b2bc5e1ee414108e16c04c2.tar.gz kioku-7796e56971f193d40b2bc5e1ee414108e16c04c2.tar.zst kioku-7796e56971f193d40b2bc5e1ee414108e16c04c2.zip