[v8] Update Dependencies (#1368)

This pull request primarily updates dependencies and refactors test
suites to improve consistency and compatibility with newer libraries.
The most significant changes are grouped below:

**Dependency Upgrades:**

* Updated several dependencies in `package.json`, including major
upgrades to `jose`, `eslint`, `jest`, `babel-jest`, `miniflare`, `nock`,
`supertest`, `ts-jest`, `tsx`, `typescript`, and related type packages.
These upgrades ensure compatibility with the latest features and
security patches.
[[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L44-R44)
[[2]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L53-R78)

**Testing Consistency & Modernization:**

* Replaced all usages of `.toThrowError` in Jest test assertions with
`.toThrow` for error checking across multiple test files, aligning with
best practices for newer Jest versions.
[[1]](diffhunk://#diff-674b12b55633a96dd5a8eb3177311ff4d2253741edc2a281166a829225aba040L129-R135)
[[2]](diffhunk://#diff-674b12b55633a96dd5a8eb3177311ff4d2253741edc2a281166a829225aba040L284-R286)
[[3]](diffhunk://#diff-674b12b55633a96dd5a8eb3177311ff4d2253741edc2a281166a829225aba040L346-R344)
[[4]](diffhunk://#diff-cd36b281a0abacada2f46ce13c54911e6c24a720de104792fec5f1b529f10f74L183-R185)
[[5]](diffhunk://#diff-cd36b281a0abacada2f46ce13c54911e6c24a720de104792fec5f1b529f10f74L203-R205)
[[6]](diffhunk://#diff-6b41d79b4db8c635487ebe8aa7e41eae6e10899ed0876c1de5f81e3b8a97b529L205-R205)
[[7]](diffhunk://#diff-6b41d79b4db8c635487ebe8aa7e41eae6e10899ed0876c1de5f81e3b8a97b529L357-R357)
[[8]](diffhunk://#diff-f5f65d907d4110a523dd2249817af8ee20f4f9e2f8259fd0594f0ba909237b47L154-R154)
[[9]](diffhunk://#diff-f5f65d907d4110a523dd2249817af8ee20f4f9e2f8259fd0594f0ba909237b47L178-R178)
[[10]](diffhunk://#diff-59f7ea4f069122023e354579e47852aa960f15a06c522ceedde35f7c66db0400L2201-R2203)
[[11]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL102-R104)
[[12]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL113-R115)
[[13]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL124-R126)
[[14]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL136-R138)
[[15]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL148-R150)

* Updated Jest snapshot file headers to reference the current Jest
documentation URL instead of the deprecated link.
[[1]](diffhunk://#diff-51e4a0fec533fa983dab0091ee91e95a2de52e2c42836ff8de594153df44bbecL1-R1)
[[2]](diffhunk://#diff-e3850ae39761cff3333b5cf46beb64fb7171cc18c9a91eaa3693ba3c6a4985dcL1-R1)

**Mocking Improvements for JWT Handling:**

* Refactored mocking of the `jose` library in tests, switching from
`jest.spyOn` to `jest.mocked` for `jwtVerify` and `createRemoteJWKSet`.
This approach is more robust and compatible with newer Jest and
TypeScript versions.
[[1]](diffhunk://#diff-19c19386dcd41859de57e28e16189fe3fa794ae5bb588b15ddde89eee5c9b327R9-R13)
[[2]](diffhunk://#diff-19c19386dcd41859de57e28e16189fe3fa794ae5bb588b15ddde89eee5c9b327L69-R74)
[[3]](diffhunk://#diff-19c19386dcd41859de57e28e16189fe3fa794ae5bb588b15ddde89eee5c9b327L102-R107)
[[4]](diffhunk://#diff-19c19386dcd41859de57e28e16189fe3fa794ae5bb588b15ddde89eee5c9b327L250-R254)
[[5]](diffhunk://#diff-19c19386dcd41859de57e28e16189fe3fa794ae5bb588b15ddde89eee5c9b327L338-R342)
[[6]](diffhunk://#diff-19c19386dcd41859de57e28e16189fe3fa794ae5bb588b15ddde89eee5c9b327L384-R387)
[[7]](diffhunk://#diff-59f7ea4f069122023e354579e47852aa960f15a06c522ceedde35f7c66db0400R25-R30)
[[8]](diffhunk://#diff-59f7ea4f069122023e354579e47852aa960f15a06c522ceedde35f7c66db0400L888-R900)
[[9]](diffhunk://#diff-59f7ea4f069122023e354579e47852aa960f15a06c522ceedde35f7c66db0400L974-R978)
[[10]](diffhunk://#diff-59f7ea4f069122023e354579e47852aa960f15a06c522ceedde35f7c66db0400L1001-R1005)
[[11]](diffhunk://#diff-59f7ea4f069122023e354579e47852aa960f15a06c522ceedde35f7c66db0400L1043-R1046)

**Error Handling Standardization:**

* Standardized error throwing in tests by using direct error classes
(e.g., `UnauthorizedException`, `SignatureVerificationException`)
instead of custom error objects, simplifying the test logic and
improving clarity.
[[1]](diffhunk://#diff-674b12b55633a96dd5a8eb3177311ff4d2253741edc2a281166a829225aba040L129-R135)
[[2]](diffhunk://#diff-674b12b55633a96dd5a8eb3177311ff4d2253741edc2a281166a829225aba040L284-R286)
[[3]](diffhunk://#diff-674b12b55633a96dd5a8eb3177311ff4d2253741edc2a281166a829225aba040L346-R344)
[[4]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL102-R104)
[[5]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL113-R115)
[[6]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL124-R126)
[[7]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL136-R138)
[[8]](diffhunk://#diff-6e2a0e50ff73fa9faf5240a7705aabf4e870e3c3126c877fafc136cc723d346bL148-R150)

**Minor Test Maintenance:**

* Removed unused imports and made minor code cleanups in test files to
reduce noise and improve maintainability.

These changes collectively modernize the codebase, improve test
reliability, and ensure compatibility with the latest tooling.

Does this require changes to the WorkOS Docs? E.g. the [API
Reference](https://workos.com/docs/reference) or code snippets need
updates.

```
[ ] Yes
```

If yes, link a related docs PR and add a docs maintainer as a reviewer.
Their approval is required.

Author: nicknisi

package-lock.json

@@ -41,39 +41,39 @@
   },
   "dependencies": {
     "iron-session": "^8.0.4",
-    "jose": "~5.6.3",
+    "jose": "~6.1.0",
     "leb": "^1.0.0",
     "qs": "6.14.0"
   },
   "devDependencies": {
     "@babel/plugin-transform-modules-commonjs": "^7.26.3",
     "@babel/preset-env": "^7.26.9",
     "@babel/preset-typescript": "^7.27.0",
-    "@eslint/js": "^9.21.0",
+    "@eslint/js": "^9.37.0",
     "@types/cookie": "^0.6.0",
     "@types/glob": "^8.1.0",
-    "@types/jest": "^29.5.14",
+    "@types/jest": "^30.0.0",
     "@types/node": "~20",
     "@types/qs": "^6.14.0",
-    "@typescript-eslint/parser": "^8.25.0",
-    "babel-jest": "^29.7.0",
+    "@typescript-eslint/parser": "^8.46.0",
+    "babel-jest": "^30.2.0",
     "esbuild-fix-imports-plugin": "^1.0.21",
-    "eslint": "^9.21.0",
-    "eslint-plugin-jest": "^28.11.0",
-    "eslint-plugin-n": "^17.15.1",
+    "eslint": "^9.37.0",
+    "eslint-plugin-jest": "^29.0.1",
+    "eslint-plugin-n": "^17.23.1",
     "glob": "^11.0.3",
-    "jest": "29.7.0",
+    "jest": "30.2.0",
     "jest-environment-miniflare": "^2.14.2",
     "jest-fetch-mock": "^3.0.3",
-    "miniflare": "^3.20250408.2",
-    "nock": "^13.5.5",
+    "miniflare": "^4.20251004.0",
+    "nock": "^14.0.10",
     "prettier": "^3.5.3",
-    "supertest": "7.1.0",
-    "ts-jest": "29.3.1",
+    "supertest": "^7.1.4",
+    "ts-jest": "29.4.4",
     "tsup": "^8.5.0",
-    "tsx": "^4.19.0",
-    "typescript": "5.9.2",
-    "typescript-eslint": "^8.25.0"
+    "tsx": "^4.20.6",
+    "typescript": "5.9.3",
+    "typescript-eslint": "^8.46.0"
   },
   "exports": {
     ".": {

package.json

@@ -17,7 +17,6 @@ import {
   serializeCreateAuditLogEventOptions,
   serializeCreateAuditLogSchemaOptions,
 } from './serializers';
-import { FetchError } from '../common/utils/fetch-error';
 
 const event: CreateAuditLogEventOptions = {
   action: 'document.updated',
@@ -126,18 +125,14 @@ describe('AuditLogs', () => {
         const workosSpy = jest.spyOn(WorkOS.prototype, 'post');
 
         workosSpy.mockImplementationOnce(() => {
-          throw new FetchError({
-            message:
-              'Could not authorize the request. Maybe your API key is invalid?',
-            response: { status: 401, headers: new Headers(), data: {} },
-          });
+          throw new UnauthorizedException('a-request-id');
         });
 
         const workos = new WorkOS('invalid apikey');
 
         await expect(
           workos.auditLogs.createEvent('org_123', event),
-        ).rejects.toThrowError(new UnauthorizedException('a-request-id'));
+        ).rejects.toThrow(UnauthorizedException);
       });
     });
 
@@ -281,18 +276,14 @@ describe('AuditLogs', () => {
         };
 
         workosSpy.mockImplementationOnce(() => {
-          throw new FetchError({
-            message:
-              'Could not authorize the request. Maybe your API key is invalid?',
-            response: { status: 401, headers: new Headers(), data: {} },
-          });
+          throw new UnauthorizedException('a-request-id');
         });
 
         const workos = new WorkOS('invalid apikey');
 
-        await expect(
-          workos.auditLogs.createExport(options),
-        ).rejects.toThrowError(new UnauthorizedException('a-request-id'));
+        await expect(workos.auditLogs.createExport(options)).rejects.toThrow(
+          UnauthorizedException,
+        );
       });
     });
   });
@@ -343,18 +334,14 @@ describe('AuditLogs', () => {
         const workosSpy = jest.spyOn(WorkOS.prototype, 'get');
 
         workosSpy.mockImplementationOnce(() => {
-          throw new FetchError({
-            message:
-              'Could not authorize the request. Maybe your API key is invalid?',
-            response: { status: 401, headers: new Headers(), data: {} },
-          });
+          throw new UnauthorizedException('a-request-id');
         });
 
         const workos = new WorkOS('invalid apikey');
 
         await expect(
           workos.auditLogs.getExport('audit_log_export_1234'),
-        ).rejects.toThrowError(new UnauthorizedException('a-request-id'));
+        ).rejects.toThrow(UnauthorizedException);
 
         expect(workosSpy).toHaveBeenCalledWith(
           `/audit_logs/exports/audit_log_export_1234`,

src/audit-logs/audit-logs.spec.ts

@@ -236,9 +236,9 @@ describe('Fetch client', () => {
       const mockSleep = jest.spyOn(fetchClient, 'sleep');
       mockSleep.mockImplementation(() => Promise.resolve());
 
-      await expect(
-        fetchClient.get('/fga/v1/resources', {}),
-      ).rejects.toThrowError('Gateway Timeout');
+      await expect(fetchClient.get('/fga/v1/resources', {})).rejects.toThrow(
+        'Gateway Timeout',
+      );
 
       expect(mockShouldRetryRequest).toHaveBeenCalledTimes(4);
       expect(mockSleep).toHaveBeenCalledTimes(3);
@@ -256,9 +256,9 @@ describe('Fetch client', () => {
         'shouldRetryRequest',
       );
 
-      await expect(
-        fetchClient.get('/fga/v1/resources', {}),
-      ).rejects.toThrowError('Bad Request');
+      await expect(fetchClient.get('/fga/v1/resources', {})).rejects.toThrow(
+        'Bad Request',
+      );
 
       expect(mockShouldRetryRequest).toHaveBeenCalledTimes(1);
     });

src/common/net/fetch-client.spec.ts

@@ -202,7 +202,7 @@ describe('Organizations', () => {
             ],
             name: 'Test Organization',
           }),
-        ).rejects.toThrowError(
+        ).rejects.toThrow(
           'An Organization with the domain example.com already exists.',
         );
         expect(fetchBody()).toEqual({
@@ -354,7 +354,7 @@ describe('Organizations', () => {
               organization: 'org_01EHT88Z8J8795GZNQ4ZP1J81T',
               stripeCustomerId: 'cus_MX8J9nfK4lP2Yw',
             }),
-          ).rejects.toThrowError(
+          ).rejects.toThrow(
             'stripe_customer_id is not enabled for this environment',
           );
 

src/organizations/organizations.spec.ts

@@ -151,7 +151,7 @@ describe('Portal', () => {
             organization: 'bogus-id',
             returnUrl: 'https://www.example.com',
           }),
-        ).rejects.toThrowError(
+        ).rejects.toThrow(
           'Could not find an organization with the id, bogus-id.',
         );
         expect(fetchBody()).toEqual({
@@ -175,7 +175,7 @@ describe('Portal', () => {
             organization: 'bogus-id',
             returnUrl: 'https://www.example.com',
           }),
-        ).rejects.toThrowError(
+        ).rejects.toThrow(
           'Could not find an organization with the id, bogus-id.',
         );
         expect(fetchBody()).toEqual({

src/portal/portal.spec.ts

@@ -1,4 +1,4 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
+// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing
 
 exports[`SSO SSO getAuthorizationUrl with a connection generates an authorize url with the connection 1`] = `"https://api.workos.dev/sso/authorize?client_id=proj_123&connection=connection_123&redirect_uri=example.com%2Fsso%2Fworkos%2Fcallback&response_type=code"`;
 

src/sso/__snapshots__/sso.spec.ts.snap

@@ -1,4 +1,4 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
+// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing
 
 exports[`UserManagement getAuthorizationUrl with a code_challenge and code_challenge_method generates an authorize url 1`] = `"https://api.workos.com/user_management/authorize?client_id=proj_123&code_challenge=code_challenge_value&code_challenge_method=S256&provider=authkit&redirect_uri=example.com%2Fauth%2Fworkos%2Fcallback&response_type=code"`;
 

src/user-management/__snapshots__/user-management.spec.ts.snap

@@ -6,6 +6,11 @@ import userFixture from './fixtures/user.json';
 import fetch from 'jest-fetch-mock';
 import { fetchOnce } from '../common/utils/test-utils';
 
+jest.mock('jose', () => ({
+  ...jest.requireActual('jose'),
+  jwtVerify: jest.fn(),
+}));
+
 describe('Session', () => {
   let workos: WorkOS;
 
@@ -66,7 +71,7 @@ describe('Session', () => {
     });
 
     it('returns a failed response if the accessToken is not a valid JWT', async () => {
-      jest.spyOn(jose, 'jwtVerify').mockImplementation(() => {
+      jest.mocked(jose.jwtVerify).mockImplementation(() => {
         throw new Error('Invalid JWT');
       });
 
@@ -100,7 +105,7 @@ describe('Session', () => {
 
     it('returns a successful response if the sessionData is valid', async () => {
       jest
-        .spyOn(jose, 'jwtVerify')
+        .mocked(jose.jwtVerify)
         .mockResolvedValue({} as jose.JWTVerifyResult & jose.ResolvedKey);
 
       const cookiePassword = 'alongcookiesecretmadefortestingsessions';
@@ -247,7 +252,7 @@ describe('Session', () => {
         });
 
         jest
-          .spyOn(jose, 'jwtVerify')
+          .mocked(jose.jwtVerify)
           .mockResolvedValue({} as jose.JWTVerifyResult & jose.ResolvedKey);
 
         const cookiePassword = 'alongcookiesecretmadefortestingsessions';
@@ -336,7 +341,7 @@ describe('Session', () => {
   describe('getLogoutUrl', () => {
     it('returns a logout URL for the user', async () => {
       jest
-        .spyOn(jose, 'jwtVerify')
+        .mocked(jose.jwtVerify)
         .mockResolvedValue({} as jose.JWTVerifyResult & jose.ResolvedKey);
 
       const cookiePassword = 'alongcookiesecretmadefortestingsessions';
@@ -381,7 +386,7 @@ describe('Session', () => {
     describe('when a returnTo URL is provided', () => {
       it('returns a logout URL for the user', async () => {
         jest
-          .spyOn(jose, 'jwtVerify')
+          .mocked(jose.jwtVerify)
           .mockResolvedValue({} as jose.JWTVerifyResult & jose.ResolvedKey);
 
         const cookiePassword = 'alongcookiesecretmadefortestingsessions';

src/user-management/session.spec.ts

@@ -23,6 +23,12 @@ import identityFixture from './fixtures/identity.json';
 import * as jose from 'jose';
 import { sealData } from 'iron-session';
 
+jest.mock('jose', () => ({
+  ...jest.requireActual('jose'),
+  jwtVerify: jest.fn(),
+  createRemoteJWKSet: jest.fn(),
+}));
+
 const userId = 'user_01H5JQDV7R7ATEYZDEG0W5PRYS';
 const organizationMembershipId = 'om_01H5JQDV7R7ATEYZDEG0W5PRYS';
 const emailVerificationId = 'email_verification_01H5JQDV7R7ATEYZDEG0W5PRYS';
@@ -889,14 +895,14 @@ describe('UserManagement', () => {
     beforeEach(() => {
       // Mock createRemoteJWKSet
       jest
-        .spyOn(jose, 'createRemoteJWKSet')
+        .mocked(jose.createRemoteJWKSet)
         .mockImplementation(
           (_url: URL, _options?: jose.RemoteJWKSetOptions) => {
             // This function simulates the token verification process
             const verifyFunction = (
               _protectedHeader: jose.JWSHeaderParameters,
               _token: jose.FlattenedJWSInput,
-            ): Promise<jose.KeyLike> => {
+            ): Promise<any> => {
               return Promise.resolve({
                 type: 'public',
               });
@@ -974,7 +980,7 @@ describe('UserManagement', () => {
     });
 
     it('returns authenticated = false when the JWT is invalid', async () => {
-      jest.spyOn(jose, 'jwtVerify').mockImplementationOnce(() => {
+      jest.mocked(jose.jwtVerify).mockImplementationOnce(() => {
         throw new Error('Invalid JWT');
       });
 
@@ -1002,7 +1008,7 @@ describe('UserManagement', () => {
 
     it('returns the JWT claims when provided a valid JWT', async () => {
       jest
-        .spyOn(jose, 'jwtVerify')
+        .mocked(jose.jwtVerify)
         .mockResolvedValue({} as jose.JWTVerifyResult & jose.ResolvedKey);
 
       const cookiePassword = 'alongcookiesecretmadefortestingsessions';
@@ -1044,7 +1050,7 @@ describe('UserManagement', () => {
 
     it('returns the JWT claims when provided a valid JWT with multiple roles', async () => {
       jest
-        .spyOn(jose, 'jwtVerify')
+        .mocked(jose.jwtVerify)
         .mockResolvedValue({} as jose.JWTVerifyResult & jose.ResolvedKey);
 
       const cookiePassword = 'alongcookiesecretmadefortestingsessions';
@@ -2332,7 +2338,7 @@ describe('UserManagement', () => {
 
       expect(() => {
         workos.userManagement.getJwksUrl('');
-      }).toThrowError(TypeError);
+      }).toThrow(TypeError);
     });
   });
 });