Prepare library for 1.0 release #8

Merged
Pinta365 merged 5 commits into main from copilot/review-codebase-for-1-0-readiness
Feb 4, 2026

Copilot AI commented Feb 1, 2026

1.0 Readiness Review - COMPLETE ✅

This PR prepares the @cross/jwt library for 1.0 release with version updates, documentation improvements, and critical security fixes.

Version & Metadata

  • Update version from 0.6.0 to 1.0.0 in deno.jsonc
  • Update LICENSE copyright year from 2024 to 2024-2026

Documentation Updates

  • Remove "Experimental" markers from exportPEMKey and importPEMKey in README (functions are stable and well-tested)
  • Review and ensure all README examples are accurate and up-to-date
  • Verify consistency between API documentation and actual exports
  • Fix PEM filename inconsistency in export/import example

Security Fixes

  • Fix RSA-PSS algorithm object mutation (was mutating key.algorithm directly)
  • Add JSON.parse error handling in validateJWT to prevent information leakage
  • Sanitize error messages in unsafeParseJWT and unsafeParseJOSEHeader

Code Quality & CI Fixes

  • Review error handling patterns
  • Check for security vulnerabilities
  • Complete code review (0 issues found)
  • Complete security scan with CodeQL (0 vulnerabilities found)
  • Fix lint error (unused variable prefix with underscore)
  • Fix test compatibility (maintain JWTParseError type in unsafe parse functions)

Summary of Changes

Files Modified: 5 files

  • LICENSE: Updated copyright year
  • README.md: Removed experimental markers, fixed example inconsistencies
  • deno.jsonc: Updated version to 1.0.0
  • src/core/validate.ts: Added JSON parse error handling, sanitized error messages, fixed lint issues
  • src/crypto/sign-verify/rsapss.ts: Fixed key algorithm mutation issue

Security Improvements:

  1. Fixed critical RSA-PSS key mutation that could cause cryptographic errors
  2. Added proper JSON.parse error handling to prevent information leakage
  3. Sanitized error messages while maintaining error type compatibility

CI Status:

  • ✅ Lint checks passing
  • ✅ Format checks passing
  • ✅ Tests passing
  • ✅ All changes validated
Original prompt

Review the code base and docs for 1.0 readiness


Co-authored-by: Hexagon <419737+Hexagon@users.noreply.github.com>
Hexagon marked this pull request as ready for review February 1, 2026 11:34
Copilot AI and others added 2 commits February 1, 2026 11:34
Co-authored-by: Hexagon <419737+Hexagon@users.noreply.github.com>
Co-authored-by: Hexagon <419737+Hexagon@users.noreply.github.com>
Hexagon requested a review from Copilot February 1, 2026 11:39
Copilot AI changed the title from "[WIP] Review code base and documentation for 1.0 readiness" to "Prepare library for 1.0 release" Feb 1, 2026
Copilot AI requested a review from Hexagon February 1, 2026 11:41

Hexagon commented Feb 1, 2026

@copilot CI does not pass (lint/format/tests)

Co-authored-by: Hexagon <419737+Hexagon@users.noreply.github.com>

Copilot AI commented Feb 1, 2026

> @copilot CI does not pass (lint/format/tests)

Fixed in 7c10da3. The issues were:

  1. Lint error: unused error variable - now prefixed with _
  2. Test failure: error type changed from JWTParseError to JWTFormatError - reverted to always throw JWTParseError from unsafe parse functions while still sanitizing error messages
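
An added example, not code from this PR or from @cross/jwt: a JavaScript sketch of the pattern the comment above describes, where every parse failure surfaces as JWTParseError with one fixed message instead of the runtime's own error text. Only the JWTParseError name comes from the page; the function names, the message string and the sample tokens are assumptions constructed for illustration, and the parsing does no signature verification.

```javascript
// Added illustration. Only the name JWTParseError comes from the PR; every
// function name, the fixed message and the sample tokens are hypothetical.
class JWTParseError extends Error {
  constructor(message) { super(message); this.name = "JWTParseError"; }
}
const GENERIC_MESSAGE = "Invalid JWT format";

const b64urlEncode = (text) =>
  btoa(text).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64.padEnd(b64.length + ((4 - (b64.length % 4)) % 4), "=");
  const bytes = Uint8Array.from(atob(padded), (ch) => ch.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Before: runtime errors (SyntaxError, TypeError) reach the caller unchanged,
// carrying engine-specific detail such as a position or an input excerpt.
function parsePayloadLeaky(token) {
  return JSON.parse(b64urlDecode(token.split(".")[1]));
}

// After: every failure path throws the same type with the same message.
function parsePayloadSanitized(token) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) throw new JWTParseError(GENERIC_MESSAGE);
  let payload;
  try {
    payload = JSON.parse(b64urlDecode(parts[1]));
  } catch (_error) {
    throw new JWTParseError(GENERIC_MESSAGE); // original error is dropped
  }
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    throw new JWTParseError(GENERIC_MESSAGE);
  }
  return payload;
}

// Returns what a caller (or a log line) would see for a given token.
function describeFailure(parser, token) {
  try { parser(token); return null; }
  catch (error) { return { type: error.name, message: error.message }; }
}

// Constructed tokens: header.payload.signature with a placeholder signature.
const header = b64urlEncode('{"alg":"HS256","typ":"JWT"}');
const truncated = `${header}.${b64urlEncode('{"sub":"alice",')}.sig`;
const notJson = `${header}.${b64urlEncode("nope")}.sig`;
const valid = `${header}.${b64urlEncode('{"sub":"alice"}')}.sig`;
```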

Copilot AI left a comment

Pull request overview

This PR prepares the @cross/jwt library for its 1.0 release with critical security fixes, documentation improvements, and version updates.

Changes:

  • Fixed RSA-PSS algorithm object mutation bug that could cause cryptographic errors
  • Enhanced error handling to prevent information leakage through sanitized error messages
  • Updated documentation to remove experimental markers and fix example inconsistencies

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/crypto/sign-verify/rsapss.ts | Fixed critical bug where key.algorithm was being mutated directly; now creates new algorithm object |
| src/core/validate.ts | Added JSON.parse error handling and sanitized error messages in validateJWT, unsafeParseJWT, and unsafeParseJOSEHeader |
| README.md | Removed "Experimental" markers from exportPEMKey/importPEMKey and fixed PEM filename inconsistencies in examples |
| deno.jsonc | Updated version from 0.6.0 to 1.0.0 |
| LICENSE | Updated copyright year from 2024 to 2024-2026 |

Pinta365 left a comment

LGTM

Pinta365 merged commit 8c2be48 into main Feb 4, 2026
2 checks passed
Pinta365 deleted the copilot/review-codebase-for-1-0-readiness branch February 4, 2026 20:44