jose - npm Package Compare versions

Comparing version 1.10.1 to 1.10.2

CHANGELOG.md

@@ -5,2 +5,11 @@ # Change Log
 
+## [1.10.2](https://github.com/panva/jose/compare/v1.10.1...v1.10.2) (2019-10-29)
+
+
+### Bug Fixes
+
+* only use secp256k1 keys for signing/verification ([9588223](https://github.com/panva/jose/commit/95882232d6d409a321b6a8c168f5b78ebbdabf95))
+
+
+
 ## [1.10.1](https://github.com/panva/jose/compare/v1.10.0...v1.10.1) (2019-10-04)
@@ -7,0 +16,0 @@

lib/jwe/encrypt.js

@@ -183,3 +183,6 @@ const { deflateRawSync } = require('zlib')
       delete i(this).recipients[0].generatedHeader
-      i(this).protected = Object.assign({}, i(this).protected, generatedHeader)
+      i(this).protected = {
+        ...i(this).protected,
+        ...generatedHeader
+      }
     }
@@ -186,0 +189,0 @@

lib/jwk/import.js

@@ -17,3 +17,3 @@ const { deprecate } = require('util')
 const mergedParameters = (target = {}, source = {}) => {
-  return Object.assign({}, {
+  return {
     alg: source.alg,
@@ -25,4 +25,5 @@ key_ops: source.key_ops,
     x5t: source.x5t,
-    'x5t#S256': source['x5t#S256']
-  }, target)
+    'x5t#S256': source['x5t#S256'],
+    ...target
+  }
 }
@@ -29,0 +30,0 @@

lib/jwk/key/ec.js

@@ -101,3 +101,3 @@ const { generateKeyPairSync, generateKeyPair: async } = require('crypto')
       case 'deriveKey':
-        if (use === 'sig') {
+        if (use === 'sig' || this.crv === secp256k1) {
           return new Set()
@@ -104,0 +104,0 @@ }

lib/jwk/thumbprint.js

@@ -5,6 +5,6 @@ const { createHash } = require('crypto')
 
-const xt5 = (hash, cert) => base64url.encodeBuffer(createHash(hash).update(Buffer.from(cert, 'base64')).digest())
+const x5t = (hash, cert) => base64url.encodeBuffer(createHash(hash).update(Buffer.from(cert, 'base64')).digest())
 
 module.exports.kid = components => base64url.encodeBuffer(createHash('sha256').update(JSON.stringify(components)).digest())
-module.exports.x5t = xt5.bind(undefined, 'sha1')
-module.exports['x5t#S256'] = xt5.bind(undefined, 'sha256')
+module.exports.x5t = x5t.bind(undefined, 'sha1')
+module.exports['x5t#S256'] = x5t.bind(undefined, 'sha256')

package.json

 {
   "name": "jose",
-  "version": "1.10.1",
+  "version": "1.10.2",
   "description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
@@ -66,3 +66,3 @@ "keywords": [
     "babel-eslint": "^10.0.3",
-    "c8": "^5.0.4",
+    "c8": "^6.0.1",
     "dtslint": "^0.9.8",
@@ -69,0 +69,0 @@ "husky": "^3.0.7",

README.md

 # jose
 
-![build][actions-image] [![codecov][codecov-image]][codecov-url]
-
 > "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS for Node.js with minimal dependencies
@@ -320,4 +318,4 @@
 
-Electron v6.x runtime is supported to the extent of the crypto engine BoringSSL feature parity with
-standard Node.js OpenSSL. The following is disabled in Electron runtime because of its lack of
+Electron >=6.0.0 runtime is supported to the extent of the crypto engine BoringSSL feature parity
+with standard Node.js OpenSSL. The following is disabled in Electron runtime because of its lack of
 [support](https://github.com/panva/jose/blob/master/test/electron/electron.test.js).
@@ -382,4 +380,2 @@
 [bug]: https://github.com/panva/jose/issues/new?labels=bug&template=bug-report.md&title=bug%3A+
-[codecov-image]: https://img.shields.io/codecov/c/github/panva/jose/master.svg
-[codecov-url]: https://codecov.io/gh/panva/jose
 [documentation-jwe]: https://github.com/panva/jose/blob/master/docs/README.md#jwe-json-web-encryption
@@ -409,4 +405,3 @@ [documentation-jwk]: https://github.com/panva/jose/blob/master/docs/README.md#jwk-json-web-key
 [suggest-feature]: https://github.com/panva/jose/issues/new?labels=enhancement&template=feature-request.md&title=proposal%3A+
-[support-sponsor]: https://github.com/users/panva/sponsorship
-[actions-image]: https://github.com/panva/jose/workflows/Continuous%20Integration/badge.svg
+[support-sponsor]: https://github.com/sponsors/panva
 [sponsor-auth0]: https://auth0.com/overview?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=panva-jose&utm_content=auth

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Lines of code

4578

increased by0.09%

Worsened metrics

Total package byte prevSize

206552

decreased by-0.01%

Number of lines in readme file

405

decreased by-1.22%

No dependency changes