Stop using buffer-equal-constant-time #1544

Closed
idoshamun opened this issue May 2, 2023 · 2 comments

@idoshamun

I noticed you use buffer-equal-constant-time indirectly through jws and gtoken.
buffer-equal-constant-time has been a legacy and unsupported package since 2017. (Deprecation notice)
It causes some issues in combination with Docker and some other environments.
I'd appreciate it if you could consider switching it.
A solid alternative for jwt purposes is fast-jwt.

I have already switched jws here: https://github.com/idoshamun/google-auth-library-nodejs/tree/update-jwt-lib
But it's not enough, as we also need to update gtoken.
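
The indirect dependency described in the report above can be confirmed from an npm lockfile. The following is an added example, not part of the original issue or the project's code: `resolveDep` and `findChains` are hypothetical helpers, the lockfile content is constructed with placeholder versions, and the `jwa` hop between `jws` and `buffer-equal-constant-time` is an assumption about the dependency tree that the issue itself does not state.

```javascript
// Trace every dependency chain that pulls `target` into a project, using the
// "packages" map of an npm lockfile (lockfileVersion 2 or 3).

// Resolve `name` as seen from the package installed at `fromPath`, walking up
// nested node_modules directories the way Node's module resolution does.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // declared but not installed (e.g. optional dep)
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Return sorted chains such as "a > b > target", starting at the root package.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(packages, path, name);
      if (!next || seen.has(next)) continue; // missing, or a dependency cycle
      if (name === target) { chains.push([...trail, name].join(' > ')); continue; }
      walk(next, [...trail, name], new Set(seen).add(next));
    }
  };
  if (packages['']) walk('', [], new Set(['']));
  return chains.sort();
}

// Constructed sample lockfile; versions are placeholders, not real releases.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', dependencies: { 'google-auth-library': '*' } },
    'node_modules/google-auth-library': { version: '0.0.0', dependencies: { gtoken: '*', jws: '*' } },
    'node_modules/gtoken': { version: '0.0.0', dependencies: { jws: '*' } },
    'node_modules/jws': { version: '0.0.0', dependencies: { jwa: '*' } },
    'node_modules/jwa': { version: '0.0.0', dependencies: { 'buffer-equal-constant-time': '*' } },
    'node_modules/buffer-equal-constant-time': { version: '0.0.0' },
  },
};

console.log(findChains(sampleLock, 'buffer-equal-constant-time').join('\n'));
```

An empty result for a given target means no installed package declares it, which makes the function usable as a CI gate once a replacement has landed in every chain.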

@sofisl sofisl self-assigned this May 2, 2023
@sofisl sofisl added the type: process A process-related concern. May include testing, release, or the like. label May 2, 2023
@sofisl
Contributor

sofisl commented May 2, 2023

Heads up that this library is not in active development, just in maintenance, so this might take a bit longer to get to. Thanks for submitting the issue!

ddelgrosso1 pushed a commit to ddelgrosso1/google-auth-library-nodejs that referenced this issue May 16, 2023
* fix: add hashes to requirements.txt

and update Docker images so they require hashes.

* fix: add hashes to docker/owlbot/java/src

* Squashed commit of the following:

commit ab7384ea1c30df8ec2e175566ef2508e6c3a2acb
Author: Jeffrey Rennie <rennie@google.com>
Date:   Tue Aug 23 11:38:48 2022 -0700

    fix: remove pip install statements (googleapis#1546)

    because the tools are already installed in the docker image as of googleapis/testing-infra-docker#227

commit 302667c9ab7210da42cc337e8f39fe1ea99049ef
Author: WhiteSource Renovate <bot@renovateapp.com>
Date:   Tue Aug 23 19:50:28 2022 +0200

    chore(deps): update dependency setuptools to v65.2.0 (googleapis#1541)

    Co-authored-by: Anthonios Partheniou <partheniou@google.com>

commit 6e9054fd91d1b500cae58ff72ee9aeb626077756
Author: WhiteSource Renovate <bot@renovateapp.com>
Date:   Tue Aug 23 19:42:51 2022 +0200

    chore(deps): update dependency nbconvert to v7 (googleapis#1543)

    Co-authored-by: Anthonios Partheniou <partheniou@google.com>

commit d229a1258999f599a90a9b674a1c5541e00db588
Author: Alexander Fenster <fenster@google.com>
Date:   Mon Aug 22 15:04:53 2022 -0700

    fix: update google-gax and remove obsolete deps (googleapis#1545)

commit 13ce62621e70059b2f5e3a7bade735f91c53339c
Author: Jeffrey Rennie <rennie@google.com>
Date:   Mon Aug 22 11:08:21 2022 -0700

    chore: remove release config and script (googleapis#1540)

    We don't release to pypi anymore.

* chore: rollback java changes

to move forward with other languages until Java's docker image is fixed
Source-Link: googleapis/synthtool@4826337
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:7fefeb9e517db2dd8c8202d9239ff6788d6852bc92dd3aac57a46059679ac9de

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
ddelgrosso1 pushed a commit to ddelgrosso1/google-auth-library-nodejs that referenced this issue May 16, 2023
🤖 I have created a release *beep* *boop*
---


## [8.5.0](googleapis/google-auth-library-nodejs@v8.4.0...v8.5.0) (2022-08-31)


### Features

* Support Not Requiring `projectId` When Not Required ([googleapis#1448](googleapis#1448)) ([b37489b](googleapis@b37489b))


### Bug Fixes

* add hashes to requirements.txt ([googleapis#1544](googleapis#1544)) ([googleapis#1449](googleapis#1449)) ([54afa8e](googleapis@54afa8e))
* remove `projectId` check for `signBlob` calls ([6c04661](googleapis@6c04661))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
@danielbankhead
Contributor

Thanks for reporting - we'll replace jws with another library.

Here's a tracking issue:

@danielbankhead danielbankhead closed this as not planned Sep 27, 2023