New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@digitalbazaar/zcap
Advanced tools
@digitalbazaar/zcap - npm Package Compare versions
Comparing version 7.2.0 to 7.2.1
| # @digitalbazaar/zcap ChangeLog | ||
| ## 7.2.1 - 2022-02-22 | ||
| ### Fixed | ||
| - Ensure `maxClockSkew` is considered when checking `maxDelegationTtl` | ||
| against current time. | ||
| - Use `karma@6.3.16` to address reported vulnerability with dev | ||
| dependency `karma`. | ||
| ## 7.2.0 - 2022-01-20 | ||
@@ -4,0 +12,0 @@ |
@@ -482,7 +482,14 @@ /*! | ||
| 1. The zcap's delegation date is not in the future (this also ensures | ||
| that the zcap's expiration date is not before its delegation date as | ||
| it would have triggered an expiration error in a previous check). | ||
| that the zcap's expiration date is not before its delegation date | ||
| as it would have triggered an expiration error in a previous check). | ||
| 2. The zcap's current TTL is <= `maxDelegationTtl` | ||
| 3. The zcap's TTL was never > `maxDelegationTtl`. */ | ||
| if(currentCapabilityDelegationTime > currentDate.getTime()) { | ||
| // use `utils.compareTime` to allow for allow for clock drift because | ||
| // we are comparing against `currentDate` | ||
| if(utils.compareTime({ | ||
| t1: currentCapabilityDelegationTime, | ||
| t2: currentDate.getTime(), | ||
| maxClockSkew | ||
| }) > 0) { | ||
| throw new Error( | ||
@@ -495,4 +502,11 @@ 'A delegated capability in the delegation chain was delegated ' + | ||
| const maxTtl = currentCapabilityExpirationTime - | ||
| currentCapabilityDelegationTime; | ||
| if(currentTtl > maxDelegationTtl || maxTtl > maxDelegationTtl) { | ||
| currentCapabilityDelegationTime; | ||
| // use `utils.compareTime` to allow for allow for clock drift because | ||
| // we are comparing against `currentDate` | ||
| const currentTtlComparison = utils.compareTime({ | ||
| t1: currentTtl, | ||
| t2: maxDelegationTtl, | ||
| maxClockSkew | ||
| }); | ||
| if(currentTtlComparison > 0 || maxTtl > maxDelegationTtl) { | ||
| throw new Error( | ||
@@ -499,0 +513,0 @@ 'A delegated capability in the delegation chain has a time to ' + |
| { | ||
| "name": "@digitalbazaar/zcap", | ||
| "version": "7.2.0", | ||
| "version": "7.2.1", | ||
| "description": "Authorization Capabilities reference implementation.", | ||
@@ -35,3 +35,3 @@ "homepage": "https://github.com/digitalbazaar/zcap", | ||
| "eslint-config-digitalbazaar": "^2.6.1", | ||
| "karma": "^5.2.3", | ||
| "karma": "^6.3.16", | ||
| "karma-chrome-launcher": "^3.1.0", | ||
@@ -38,0 +38,0 @@ "karma-edge-launcher": "^0.4.2", |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.82%
90518
- Lines of code
- increased by0.79%
1651
No dependency changes