Comparing version 1.10.1 to 1.10.2
@@ -5,2 +5,11 @@ # Change Log | ||
## [1.10.2](https://github.com/panva/jose/compare/v1.10.1...v1.10.2) (2019-10-29) | ||
### Bug Fixes | ||
* only use secp256k1 keys for signing/verification ([9588223](https://github.com/panva/jose/commit/95882232d6d409a321b6a8c168f5b78ebbdabf95)) | ||
## [1.10.1](https://github.com/panva/jose/compare/v1.10.0...v1.10.1) (2019-10-04) | ||
@@ -7,0 +16,0 @@ |
@@ -183,3 +183,6 @@ const { deflateRawSync } = require('zlib') | ||
delete i(this).recipients[0].generatedHeader | ||
i(this).protected = Object.assign({}, i(this).protected, generatedHeader) | ||
i(this).protected = { | ||
...i(this).protected, | ||
...generatedHeader | ||
} | ||
} | ||
@@ -186,0 +189,0 @@ |
@@ -17,3 +17,3 @@ const { deprecate } = require('util') | ||
const mergedParameters = (target = {}, source = {}) => { | ||
return Object.assign({}, { | ||
return { | ||
alg: source.alg, | ||
@@ -25,4 +25,5 @@ key_ops: source.key_ops, | ||
x5t: source.x5t, | ||
'x5t#S256': source['x5t#S256'] | ||
}, target) | ||
'x5t#S256': source['x5t#S256'], | ||
...target | ||
} | ||
} | ||
@@ -29,0 +30,0 @@ |
@@ -101,3 +101,3 @@ const { generateKeyPairSync, generateKeyPair: async } = require('crypto') | ||
case 'deriveKey': | ||
if (use === 'sig') { | ||
if (use === 'sig' || this.crv === secp256k1) { | ||
return new Set() | ||
@@ -104,0 +104,0 @@ } |
@@ -5,6 +5,6 @@ const { createHash } = require('crypto') | ||
const xt5 = (hash, cert) => base64url.encodeBuffer(createHash(hash).update(Buffer.from(cert, 'base64')).digest()) | ||
const x5t = (hash, cert) => base64url.encodeBuffer(createHash(hash).update(Buffer.from(cert, 'base64')).digest()) | ||
module.exports.kid = components => base64url.encodeBuffer(createHash('sha256').update(JSON.stringify(components)).digest()) | ||
module.exports.x5t = xt5.bind(undefined, 'sha1') | ||
module.exports['x5t#S256'] = xt5.bind(undefined, 'sha256') | ||
module.exports.x5t = x5t.bind(undefined, 'sha1') | ||
module.exports['x5t#S256'] = x5t.bind(undefined, 'sha256') |
{ | ||
"name": "jose", | ||
"version": "1.10.1", | ||
"version": "1.10.2", | ||
"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies", | ||
@@ -66,3 +66,3 @@ "keywords": [ | ||
"babel-eslint": "^10.0.3", | ||
"c8": "^5.0.4", | ||
"c8": "^6.0.1", | ||
"dtslint": "^0.9.8", | ||
@@ -69,0 +69,0 @@ "husky": "^3.0.7", |
# jose | ||
![build][actions-image] [![codecov][codecov-image]][codecov-url] | ||
> "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS for Node.js with minimal dependencies | ||
@@ -320,4 +318,4 @@ | ||
Electron v6.x runtime is supported to the extent of the crypto engine BoringSSL feature parity with | ||
standard Node.js OpenSSL. The following is disabled in Electron runtime because of its lack of | ||
Electron >=6.0.0 runtime is supported to the extent of the crypto engine BoringSSL feature parity | ||
with standard Node.js OpenSSL. The following is disabled in Electron runtime because of its lack of | ||
[support](https://github.com/panva/jose/blob/master/test/electron/electron.test.js). | ||
@@ -382,4 +380,2 @@ | ||
[bug]: https://github.com/panva/jose/issues/new?labels=bug&template=bug-report.md&title=bug%3A+ | ||
[codecov-image]: https://img.shields.io/codecov/c/github/panva/jose/master.svg | ||
[codecov-url]: https://codecov.io/gh/panva/jose | ||
[documentation-jwe]: https://github.com/panva/jose/blob/master/docs/README.md#jwe-json-web-encryption | ||
@@ -409,4 +405,3 @@ [documentation-jwk]: https://github.com/panva/jose/blob/master/docs/README.md#jwk-json-web-key | ||
[suggest-feature]: https://github.com/panva/jose/issues/new?labels=enhancement&template=feature-request.md&title=proposal%3A+ | ||
[support-sponsor]: https://github.com/users/panva/sponsorship | ||
[actions-image]: https://github.com/panva/jose/workflows/Continuous%20Integration/badge.svg | ||
[support-sponsor]: https://github.com/sponsors/panva | ||
[sponsor-auth0]: https://auth0.com/overview?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=panva-jose&utm_content=auth |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
4578
206552
405