-
Notifications
You must be signed in to change notification settings - Fork 3
jsjws missing verifyJWSByNE #5
Comments
Does any of the recent commits make use of any of the changes made in addition to the deprecation of JWSByNE? If not then can we not roll back the dependency version to a previous one? |
We probably can and should. After further tests, it looks like this hiccup in jsrsasign prevents any token validation across the entire suite of Anvil software. I'm currently unable to set up and/or administrate any server without manually digging into node_modules and pinning jsrsasign to an older version. |
Short term fix for #5, because urgency is high, but a long-term solution is necessary.
What are alternatives to jsrsasign and/or new API paths available in jsrsasign that can replace the jsjws verification code currently in this repository? |
jsrsasign 4.9.2 to 5.0.0 JWS API migration guide is now provided: |
jsrsasign removed jsjws.verifyJWSByNE, which we use, in a minor release, violating semver.
This is causing failing tests and breaking functionality in connect-nodejs.
Either we wait for @kjur to release a fixed copy and pin the version of the jsrsasign dependency to an older version for now, or we find an alternative and replace jsrsasign now.
Either way, since these functions are deprecated, it sounds like we'll have to replace them eventually.
The text was updated successfully, but these errors were encountered: