jose - npm Package Compare versions
Comparing version 1.27.2 to 1.27.3
@@ -5,2 +5,12 @@ # Change Log | ||
| ## [1.27.3](https://github.com/panva/jose/compare/v1.27.2...v1.27.3) (2020-08-04) | ||
| ### Bug Fixes | ||
| * do not mutate unencoded payload when signing for multiple parties ([1695423](https://github.com/panva/jose/commit/169542363f884e4028db9f80086d631e626eb469)), closes [#89](https://github.com/panva/jose/issues/89) | ||
| * ensure "b64" is the same for all recipients edge cases ([d56ec9f](https://github.com/panva/jose/commit/d56ec9f5ddc2612e5ff21fe35d45a56e7153e0e4)) | ||
| ## [1.27.2](https://github.com/panva/jose/compare/v1.27.1...v1.27.2) (2020-07-01) | ||
@@ -7,0 +17,0 @@ |
@@ -47,5 +47,16 @@ const isObject = require('../help/is_object') | ||
| generalSerializer.validate = (jws, recipients) => { | ||
| let validateB64 = false | ||
| recipients.forEach(({ protectedHeader, unprotectedHeader }) => { | ||
| if (protectedHeader && !validateB64 && 'b64' in protectedHeader) { | ||
| validateB64 = true | ||
| } | ||
| validateCrit(protectedHeader, unprotectedHeader, protectedHeader ? protectedHeader.crit : undefined) | ||
| }) | ||
| if (validateB64) { | ||
| const values = recipients.map(({ protectedHeader }) => protectedHeader && protectedHeader.b64) | ||
| if (!values.every((actual, i, [expected]) => actual === expected)) { | ||
| throw new JWSInvalid('the "b64" Header Parameter value MUST be the same for all recipients') | ||
| } | ||
| } | ||
| } | ||
@@ -52,0 +63,0 @@ |
@@ -60,3 +60,3 @@ const base64url = require('../help/base64url') | ||
| */ | ||
| [PROCESS_RECIPIENT] (recipient) { | ||
| [PROCESS_RECIPIENT] (recipient, first) { | ||
| const { key, protectedHeader, unprotectedHeader } = recipient | ||
@@ -93,9 +93,3 @@ | ||
| if (joseHeader.protected.crit && joseHeader.protected.crit.includes('b64')) { | ||
| if (this._b64 !== undefined && this._b64 !== joseHeader.protected.b64) { | ||
| throw new JWSInvalid('the "b64" Header Parameter value MUST be the same for all recipients') | ||
| } else { | ||
| this._b64 = joseHeader.protected.b64 | ||
| } | ||
| if (!joseHeader.protected.b64) { | ||
| if (first && !joseHeader.protected.b64) { | ||
| if (this._binary) { | ||
@@ -135,5 +129,5 @@ this._payload = base64url.decodeToBuffer(this._payload) | ||
| for (const recipient of this._recipients) { | ||
| this[PROCESS_RECIPIENT](recipient) | ||
| } | ||
| this._recipients.forEach((recipient, i) => { | ||
| this[PROCESS_RECIPIENT](recipient, i === 0) | ||
| }) | ||
@@ -140,0 +134,0 @@ return serializer(this._payload, this._recipients) |
| { | ||
| "name": "jose", | ||
| "version": "1.27.2", | ||
| "version": "1.27.3", | ||
| "description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies", | ||
@@ -84,7 +84,7 @@ "keywords": [ | ||
| "devDependencies": { | ||
| "@commitlint/cli": "^8.3.4", | ||
| "@commitlint/config-conventional": "^8.3.4", | ||
| "@commitlint/cli": "^9.1.1", | ||
| "@commitlint/config-conventional": "^9.1.1", | ||
| "ava": "^2.4.0", | ||
| "babel-eslint": "^10.0.3", | ||
| "c8": "^7.0.0", | ||
| "c8": "^7.2.1", | ||
| "husky": "^4.0.0", | ||
@@ -91,0 +91,0 @@ "standard": "^14.3.1" |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.29%
232240
- Lines of code
- increased by0.1%
4854