ask-sdk-express-adapter
Advanced tools
ask-sdk-express-adapter - npm Package Compare versions
Comparing version 2.10.0 to 2.10.2
@@ -6,2 +6,13 @@ # Change Log | ||
| ## [2.10.2](https://github.com/alexa/alexa-skills-kit-sdk-for-nodejs/compare/v2.10.0...v2.10.2) (2021-03-16) | ||
| ### Bug Fixes | ||
| * deprecate ssl-root-cas and switch to use tls.rootCertificates to… ([#686](https://github.com/alexa/alexa-skills-kit-sdk-for-nodejs/issues/686)) ([8217a3f](https://github.com/alexa/alexa-skills-kit-sdk-for-nodejs/commit/8217a3f38ce1cba9d6b5b9d2488902cf12322cb7)) | ||
| # [2.10.0](https://github.com/alexa/alexa-skills-kit-sdk-for-nodejs/compare/v2.9.0...v2.10.0) (2020-10-08) | ||
@@ -8,0 +19,0 @@ |
@@ -22,3 +22,3 @@ import { Skill } from 'ask-sdk-core'; | ||
| * | ||
| * This function return an arry of pre-defined request handlers | ||
| * This function return an array of pre-defined request handlers | ||
| * which are supposed to be registered on users' express application, including: | ||
@@ -25,0 +25,0 @@ * 1: text parser 2: async function to get response envelope after verification, then send result back |
@@ -49,3 +49,3 @@ "use strict"; | ||
| * | ||
| * This function return an arry of pre-defined request handlers | ||
| * This function return an array of pre-defined request handlers | ||
| * which are supposed to be registered on users' express application, including: | ||
@@ -52,0 +52,0 @@ * 1: text parser 2: async function to get response envelope after verification, then send result back |
| /// <reference types="node" /> | ||
| import { IncomingHttpHeaders } from 'http'; | ||
| /** | ||
| * Provide constant value | ||
| * For more info, check `link <https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#checking-the-signature-of-the-request> | ||
| */ | ||
| export declare const REQUIRED_NODE_VERSION = "12.3.0"; | ||
| /** | ||
| * Verifiers are run against incoming requests to verify authenticity and integrity of the request before processing | ||
@@ -5,0 +10,0 @@ * it. |
@@ -15,3 +15,3 @@ "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.TimestampVerifier = exports.SkillRequestSignatureVerifier = void 0; | ||
| exports.TimestampVerifier = exports.SkillRequestSignatureVerifier = exports.REQUIRED_NODE_VERSION = void 0; | ||
| const ask_sdk_core_1 = require("ask-sdk-core"); | ||
@@ -22,2 +22,3 @@ const crypto = require("crypto"); | ||
| const url = require("url"); | ||
| const semver_1 = require("semver"); | ||
| const helper_1 = require("./helper"); | ||
@@ -28,2 +29,3 @@ /** | ||
| */ | ||
| exports.REQUIRED_NODE_VERSION = "12.3.0"; | ||
| const VALID_SIGNING_CERT_CHAIN_PROTOCOL = 'https:'; | ||
@@ -222,7 +224,11 @@ const VALID_SIGNING_CERT_CHAIN_URL_HOST_NAME = 's3.amazonaws.com'; | ||
| } | ||
| // check whether the node version is greater or equal to 12.3.0 | ||
| if (!semver_1.gte(process.version, exports.REQUIRED_NODE_VERSION)) { | ||
| throw ask_sdk_core_1.createAskSdkError(this.constructor.name, `ask-sdk-express-adapter package require node version ${exports.REQUIRED_NODE_VERSION} or later, your current node version is ${process.version}. Please update your node version.`); | ||
| } | ||
| const caStore = helper_1.generateCAStore(require('tls').rootCertificates); | ||
| const certChain = helper_1.generateCertificatesArray(pemCert); | ||
| // Use the pki.verifyCertificateChain function from Node-forge to | ||
| // validate that all certificates in the chain combine to create a chain of trust to a trusted root CA certificate | ||
| // TODO: Implement certificate revocation check which is missed in pki.verifyCertificateChain function | ||
| const certChain = helper_1.generateCertificatesArray(pemCert); | ||
| const caStore = helper_1.generateCAStore(require('ssl-root-cas/latest').create()); | ||
| try { | ||
@@ -229,0 +235,0 @@ node_forge_1.pki.verifyCertificateChain(caStore, certChain); |
| { | ||
| "name": "ask-sdk-express-adapter", | ||
| "version": "2.10.0", | ||
| "version": "2.10.2", | ||
| "description": "Express adapter package for Alexa Skills Kit SDK", | ||
@@ -33,3 +33,3 @@ "main": "dist/index.js", | ||
| "node-forge": "^0.10.0", | ||
| "ssl-root-cas": "^1.3.1" | ||
| "semver": "^7.3.4" | ||
| }, | ||
@@ -45,2 +45,3 @@ "peerDependencies": { | ||
| "@types/node-forge": "^0.8.0", | ||
| "@types/semver": "^7.3.4", | ||
| "@types/sinon": "^7.0.13", | ||
@@ -50,3 +51,3 @@ "@types/supertest": "^2.0.7", | ||
| "@typescript-eslint/parser": "^3.9.0", | ||
| "ask-sdk-core": "^2.10.0", | ||
| "ask-sdk-core": "^2.10.2", | ||
| "ask-sdk-model": "^1.29.0", | ||
@@ -58,3 +59,3 @@ "chai": "^4.1.2", | ||
| "express": "^4.16.4", | ||
| "mocha": "^5.0.5", | ||
| "mocha": "^8.3.2", | ||
| "nock": "^9.2.3", | ||
@@ -70,3 +71,3 @@ "nyc": "^14.1.1", | ||
| "homepage": "https://github.com/alexa/alexa-skill-sdk-for-nodejs#readme", | ||
| "gitHead": "c1d833ebae31ae822d30eef733afb6581d47453d" | ||
| "gitHead": "31039daaeb50068fc8ca04740ab7dc4e7be67a52" | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.4%
60644
- Lines of code
- increased by1.68%
664
Worsened metrics
- Dev dependency count
- increased by4.35%
24
- Number of medium supply chain risk alerts
- increased by100%
2
Dependency changes
+ Addedsemver@^7.3.4
+ Addedsemver@7.6.3(transitive)
- Removedssl-root-cas@^1.3.1
- Removed@coolaj86/urequest@1.3.7(transitive)
- Removedssl-root-cas@1.3.1(transitive)