jose - npm Package Compare versions

Comparing version 1.17.0 to 1.17.1

CHANGELOG.md

@@ -5,2 +5,11 @@ # Change Log
 
+## [1.17.1](https://github.com/panva/jose/compare/v1.17.0...v1.17.1) (2019-12-10)
+
+
+### Bug Fixes
+
+* properly fail to import unsupported openssh keys ([bee5744](https://github.com/panva/jose/commit/bee574457f29597ccab09d51ac61b85dd7a7146a))
+
+
+
 # [1.17.0](https://github.com/panva/jose/compare/v1.16.2...v1.17.0) (2019-12-10)
@@ -7,0 +16,0 @@

lib/jwk/import.js

@@ -29,2 +29,4 @@ const { deprecate } = require('util')
 
+const openSSHpublicKey = /^[a-zA-Z0-9-]+ (?:[a-zA-Z0-9+/])*(?:==|=)?(?: .*)?$/
+
 const asKey = (key, parameters, { calculateMissingRSAPrimes = false } = {}) => {
@@ -102,3 +104,3 @@ let privateKey, publicKey, secret
       // have them imported as symmetric "oct" keys
-      if (!key.includes('-----BEGIN')) {
+      if (!key.includes('-----BEGIN') && !openSSHpublicKey.test(key.toString('ascii').replace(/[\r\n]/g, ''))) {
         secret = createSecretKey(Buffer.isBuffer(key) ? key : Buffer.from(key))
@@ -105,0 +107,0 @@ }

lib/jwk/key/base.js

@@ -60,2 +60,5 @@ const { strict: assert } = require('assert')
 
+      x5c = [...x5c]
+      Object.freeze(x5c)
+
       x5c.forEach((cert, i) => {
@@ -62,0 +65,0 @@ let publicKey

package.json

 {
   "name": "jose",
-  "version": "1.17.0",
+  "version": "1.17.1",
   "description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

214524

increased by0.21%

Lines of code

4681

increased by0.06%

No dependency changes