2.0.3

CHANGELOG.md

@@ -33,6 +33,9 @@ Yay for [SemVer](http://semver.org/).
 <!-- TOC END -->
 
 ## Version 2.0.x
+### Version 2.0.3
+- base64url dependency replaced
+
 ### Version 2.0.2
 - [DIFF](https://github.com/panva/node-openid-client/compare/v2.0.1...v2.0.2)
 - dependency tree updates

README.md

@@ -1,6 +1,6 @@
 # openid-client
 
-[![build][travis-image]][travis-url] [![codecov][codecov-image]][codecov-url] [![snyk][snyk-image]][snyk-url] [![nsp][nsp-image]][nsp-url]
+[![build][travis-image]][travis-url] [![codecov][codecov-image]][codecov-url]
 
 openid-client is a server side [OpenID][openid-connect] Relying Party (RP, Client) implementation for
 Node.js, supports [passport][passport-url].
@@ -509,14 +509,10 @@ Issuer.useRequest();
 
 [travis-image]: https://api.travis-ci.com/panva/node-openid-client.svg?branch=master
 [travis-url]: https://travis-ci.com/panva/node-openid-client
-[nsp-image]: https://nodesecurity.io/orgs/panva/projects/d64be300-0668-45ea-ae1b-667149b52b0a/badge
-[nsp-url]: https://nodesecurity.io/orgs/panva/projects/d64be300-0668-45ea-ae1b-667149b52b0a
 [conformance-image]: https://api.travis-ci.com/panva/openid-client-conformance-tests.svg?branch=master
 [conformance-url]: https://github.com/panva/openid-client-conformance-tests
 [codecov-image]: https://codecov.io/gh/panva/node-openid-client/branch/master/graph/badge.svg
 [codecov-url]: https://codecov.io/gh/panva/node-openid-client
-[snyk-image]: https://snyk.io/test/npm/openid-client/badge.svg
-[snyk-url]: https://snyk.io/test/npm/openid-client
 [openid-connect]: http://openid.net/connect/
 [heroku-example]: https://tranquil-reef-95185.herokuapp.com/client
 [oidc-provider]: https://github.com/panva/node-oidc-provider

lib/client.js

@@ -5,7 +5,7 @@ const crypto = require('crypto');
 const querystring = require('querystring');
 const jose = require('node-jose');
 const uuid = require('uuid/v4');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const url = require('url');
 const _ = require('lodash');
 const tokenHash = require('oidc-token-hash');
@@ -630,7 +630,7 @@ class Client {
       .digest()
       .slice(0, len / 8);
 
-    return jose.JWK.asKey({ k: base64url(derivedBuffer), kty: 'oct' }).then((key) => {
+    return jose.JWK.asKey({ k: base64url.encode(derivedBuffer), kty: 'oct' }).then((key) => {
       instance(this)[cacheKey] = key;
       return key;
     });
@@ -649,7 +649,7 @@ class Client {
       return Promise.resolve(instance(this).jose_secret);
     }
 
-    return jose.JWK.asKey({ k: base64url(this.client_secret), kty: 'oct' }).then((key) => {
+    return jose.JWK.asKey({ k: base64url.encode(this.client_secret), kty: 'oct' }).then((key) => {
       instance(this).jose_secret = key;
       return key;
     });
@@ -924,8 +924,8 @@ class Client {
 
       if (alg === 'none') {
         return Promise.resolve([
-          base64url(JSON.stringify(header)),
-          base64url(payload),
+          base64url.encode(JSON.stringify(header)),
+          base64url.encode(payload),
           '',
         ].join('.'));
       }
@@ -965,7 +965,7 @@ class Client {
     }
 
     if (fields.alg.startsWith('PBES2')) {
-      fields.p2s = base64url(uuid());
+      fields.p2s = base64url.encode(uuid());
       fields.p2c = 4096;
     }
 

lib/passport_strategy.js

@@ -3,7 +3,7 @@
 const _ = require('lodash');
 const uuid = require('uuid/v4');
 const util = require('util');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const crypto = require('crypto');
 const url = require('url');
 const assert = require('assert');
@@ -94,7 +94,7 @@ OpenIDConnectStrategy.prototype.authenticate = function authenticate(req, option
 
         switch (this._usePKCE) { // eslint-disable-line default-case
           case 'S256':
-            params.code_challenge = base64url(crypto.createHash('sha256').update(verifier).digest());
+            params.code_challenge = base64url.encode(crypto.createHash('sha256').update(verifier).digest());
             params.code_challenge_method = 'S256';
             break;
           case 'plain':

lib/token_set.js

@@ -1,5 +1,5 @@
 const now = require('./unix_timestamp');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 
 const decodedClaims = new WeakMap();
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "openid-client",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs",
   "keywords": [
     "auth",
@@ -43,12 +43,12 @@
     "lint"
   ],
   "dependencies": {
-    "base64url": "^2.0.0",
+    "base64-url": "^2.2.0",
     "got": "^8.3.1",
     "lodash": "^4.17.10",
     "lru-cache": "^4.1.3",
     "node-jose": "^0.11.0",
-    "oidc-token-hash": "^2.0.0",
+    "oidc-token-hash": "^3.0.0",
     "uuid": "^3.2.1"
   },
   "devDependencies": {

test/client/client_instance.test.js

@@ -6,7 +6,7 @@ const Client = require('../../lib/client');
 const now = require('../../lib/unix_timestamp');
 const url = require('url');
 const querystring = require('querystring');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const nock = require('nock');
 const sinon = require('sinon');
 const OpenIdConnectError = require('../../lib/open_id_connect_error');
@@ -1834,7 +1834,7 @@ const encode = object => base64url.encode(JSON.stringify(object));
           nock('https://src3.example.com')
             .get('/claims').reply(200, [{ alg: 'none' }, { age: 27 }, ''].map((comp) => {
               if (typeof comp === 'object') {
-                return base64url(JSON.stringify(comp));
+                return base64url.encode(JSON.stringify(comp));
               }
               return comp;
             }).join('.'));

test/tokenset/tokenset.test.js

@@ -1,5 +1,5 @@
 const sinon = require('sinon');
-const base64url = require('base64url');
+const base64url = require('base64-url');
 const { expect } = require('chai');
 const TokenSet = require('../../lib/token_set');
 const now = require('../../lib/unix_timestamp');