Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop using buffer-equal-constant-time #451

Closed
idoshamun opened this issue May 2, 2023 · 1 comment
Closed

Stop using buffer-equal-constant-time #451

idoshamun opened this issue May 2, 2023 · 1 comment
Assignees
@ddelgrosso1
Labels
type: cleanup An internal cleanup or hygiene concern.

Comments

@idoshamun
Copy link

I noticed you use buffer-equal-constant-time indirectly through jws and gtoken.
buffer-equal-constant-time is a legacy and unsupported package since 2017. (salesforce/buffer-equal-constant-time#6)
It causes some issues in combination with docker and some other environments.
I'd appreciate if you can consider switching it.
A solid alternative for jwt purposes is fast-jwt.

I'm willing to work on it.

Related to googleapis/google-auth-library-nodejs#1544
@ddelgrosso1
Copy link
Contributor

@idoshamun thank you for opening this issue. It seems like the better place to fix this would be in node-jwa which is what is actually importing buffer-equal-constant-time. It looks like there is already an open issue there as well: auth0/node-jwa#46.

@ddelgrosso1 ddelgrosso1 self-assigned this Jun 28, 2023
@ddelgrosso1 ddelgrosso1 added the type: cleanup An internal cleanup or hygiene concern. label Jun 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ddelgrosso1 ddelgrosso1

Labels
type: cleanup An internal cleanup or hygiene concern.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@idoshamun @ddelgrosso1