Comparing version 2.0.4 to 2.0.5
@@ -5,2 +5,9 @@ # Changelog | ||
## [2.0.5](https://github.com/panva/jose/compare/v2.0.4...v2.0.5) (2021-04-09) | ||
### Bug Fixes | ||
* defer AES CBC w/ HMAC decryption after tag verification passes ([812e03f](https://github.com/panva/jose/commit/812e03fcf4963791ffd9a46417beea5a7a74d995)) | ||
## [2.0.4](https://github.com/panva/jose/compare/v2.0.3...v2.0.4) (2021-01-18) | ||
@@ -7,0 +14,0 @@ |
@@ -1,10 +0,10 @@ | ||
let encode; | ||
let encodeBuffer; | ||
let encode | ||
let encodeBuffer | ||
if (Buffer.isEncoding('base64url')) { | ||
encode = (input, encoding = 'utf8') => Buffer.from(input, encoding).toString('base64url'); | ||
encodeBuffer = (buf) => buf.toString('base64url'); | ||
encode = (input, encoding = 'utf8') => Buffer.from(input, encoding).toString('base64url') | ||
encodeBuffer = (buf) => buf.toString('base64url') | ||
} else { | ||
const fromBase64 = (base64) => base64.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_'); | ||
encode = (input, encoding = 'utf8') => fromBase64(Buffer.from(input, encoding).toString('base64')); | ||
encodeBuffer = (buf) => fromBase64(buf.toString('base64')); | ||
const fromBase64 = (base64) => base64.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_') | ||
encode = (input, encoding = 'utf8') => fromBase64(Buffer.from(input, encoding).toString('base64')) | ||
encodeBuffer = (buf) => fromBase64(buf.toString('base64')) | ||
} | ||
@@ -11,0 +11,0 @@ |
@@ -47,2 +47,6 @@ const { createCipheriv, createDecipheriv, getCiphers } = require('crypto') | ||
if (!macCheckPassed) { | ||
throw new JWEDecryptionFailed() | ||
} | ||
let cleartext | ||
@@ -54,3 +58,3 @@ try { | ||
if (!cleartext || !macCheckPassed) { | ||
if (!cleartext) { | ||
throw new JWEDecryptionFailed() | ||
@@ -57,0 +61,0 @@ } |
{ | ||
"name": "jose", | ||
"version": "2.0.4", | ||
"version": "2.0.5", | ||
"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
240213
4926