@octokit/webhooks - npm Package Compare versions

Comparing version 13.4.3 to 13.5.0

dist-bundle/index.js

@@ -473,11 +473,12 @@ // pkg/dist-src/createLogger.js
 // pkg/dist-src/index.js
-import { sign, verify as verify2 } from "@octokit/webhooks-methods";
+import { sign, verify } from "@octokit/webhooks-methods";
 
 // pkg/dist-src/verify-and-receive.js
-import { verify } from "@octokit/webhooks-methods";
+import { verifyWithFallback } from "@octokit/webhooks-methods";
 async function verifyAndReceive(state, event) {
-  const matchesSignature = await verify(
+  const matchesSignature = await verifyWithFallback(
     state.secret,
     event.payload,
-    event.signature
+    event.signature,
+    state.additionalSecrets
   ).catch(() => false);
@@ -670,2 +671,3 @@ if (!matchesSignature) {
       secret: options.secret,
+      additionalSecrets: options.additionalSecrets,
       hooks: {},
@@ -675,3 +677,3 @@ log: createLogger(options.log)
     this.sign = sign.bind(null, options.secret);
-    this.verify = verify2.bind(null, options.secret);
+    this.verify = verify.bind(null, options.secret);
     this.on = state.eventHandler.on;
@@ -678,0 +680,0 @@ this.onAny = state.eventHandler.onAny;

dist-src/index.js

@@ -25,2 +25,3 @@ import { createLogger } from "./createLogger.js";
       secret: options.secret,
+      additionalSecrets: options.additionalSecrets,
       hooks: {},
@@ -27,0 +28,0 @@ log: createLogger(options.log)

dist-src/verify-and-receive.js

@@ -1,7 +0,8 @@
-import { verify } from "@octokit/webhooks-methods";
+import { verifyWithFallback } from "@octokit/webhooks-methods";
 async function verifyAndReceive(state, event) {
-  const matchesSignature = await verify(
+  const matchesSignature = await verifyWithFallback(
     state.secret,
     event.payload,
-    event.signature
+    event.signature,
+    state.additionalSecrets
   ).catch(() => false);
@@ -8,0 +9,0 @@ if (!matchesSignature) {

dist-types/types.d.ts

@@ -30,2 +30,3 @@ import type { RequestError } from "@octokit/request-error";
     secret?: string;
+    additionalSecrets?: string[] | undefined;
     transform?: TransformMethod<TTransformed>;
@@ -32,0 +33,0 @@ log?: Partial<Logger>;

package.json

 {
   "name": "@octokit/webhooks",
-  "version": "13.4.3",
+  "version": "13.5.0",
   "description": "GitHub webhook events toolset for Node.js",
@@ -5,0 +5,0 @@ "keywords": [],

No alert changes

Improved metrics

Total package byte prevSize

160178

increased by0.23%

Lines of code

1650

increased by0.3%

No dependency changes