Update http-signature to fix timing attacks against signature verification on version 4.3.X

- [x] Used appropriate template for the issue type
- [x] Searched both open and closed issues for duplicates of this issue
- [x] Title adequately and _concisely_ reflects the feature or the bug

# Bug Report

## Restify Version

4.3.x

## Node.js Version

does not matter

## Expected behaviour

Restify should be free of known security vulnerabilities.

## Actual behaviour

Restify uses an old version of http-signature that has a known vulnerability
 
 ```
"http-signature": "^0.11.0"
 ```

This is fixed in http-signature 1.0.0 (latest versions is 1.2.0)

See [joyent/node-http-signature@78ab1da](https://github.com/joyent/node-http-signature/commit/78ab1da232f31f695f5c362d863593a143aa8b56)

It is corrected in https://github.com/restify/node-restify/issues/1388 for version 5.x.

## Repro case

n/a

## Cause

## Are you willing and able to fix this?

Yes


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update http-signature to fix timing attacks against signature verification on version 4.3.X #1738

Bug Report

Restify Version

Node.js Version

Expected behaviour

Actual behaviour

Repro case

Cause

Are you willing and able to fix this?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Update http-signature to fix timing attacks against signature verification on version 4.3.X #1738

Description

Bug Report

Restify Version

Node.js Version

Expected behaviour

Actual behaviour

Repro case

Cause

Are you willing and able to fix this?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions