Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

suggestion: replace asn1.js with any updated fork #61

Closed
tabarra opened this issue Jan 5, 2020 · 6 comments
Closed

suggestion: replace asn1.js with any updated fork #61

tabarra opened this issue Jan 5, 2020 · 6 comments

Comments

@tabarra
Copy link
Contributor

tabarra commented Jan 5, 2020

Describe the bug
Using jose will sometimes throw DeprecationWarning due to the fact that the dependency asn1.js is outdated and seems abandoned (the fix PR is open since march/2018).

Message

(node:29508) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

Environment:

  • jose version: 1.18.1
  • node version: v12.13.0

Some reading material
indutny/asn1.js#116
indutny/asn1.js#103
@tabarra tabarra added the bug Something isn't working label Jan 5, 2020
@panva
Copy link
Owner

panva commented Jan 6, 2020
edited
Loading

I don't trust forked releases but I'll see what I can do. I don't believe asn1.js is abandoned or outdated, it's still "just" a deprecation warning. Let's give [at]indutny a nudge over a channel he follows first.

@panva panva removed the bug Something isn't working label Jan 6, 2020
@panva panva changed the title bug: Replace asn1.js with any updated fork suggestion: replace asn1.js with any updated fork Jan 6, 2020
@panva
Copy link
Owner

panva commented Jan 6, 2020

All it takes is a nudge.

@panva panva closed this as completed Jan 6, 2020
@tabarra
Copy link
Contributor Author

tabarra commented Feb 15, 2020

Hey @panva, a bit unrelated, but do you mind trying to nudge him again?
Still getting new Buffer() deprecation warnings due to an outdated subdependnecy (bn.js).
Issue: indutny/asn1.js#120
PR: indutny/asn1.js#118

@panva
Copy link
Owner

panva commented Feb 15, 2020

I replied to the tweet thread again, but at this point it’s out of my hands.

panva added a commit that referenced this issue Feb 18, 2020
@panva
refactor: removed asn1.js in favor of slimmer @panva/asn1.js
5f09c89 
resolves #61
panva added a commit that referenced this issue Feb 18, 2020
@panva
refactor: removed asn1.js in favor of slimmer @panva/asn1.js
50f46cc 
resolves #61
panva added a commit that referenced this issue Feb 18, 2020
@panva
refactor: removed asn1.js in favor of slimmer @panva/asn1.js
9e7444b 
resolves #61
@panva
Copy link
Owner

panva commented Feb 19, 2020
edited
Loading

@tabarra so i went ahead, forked asn1.js and removed all its dependencies, including bn.js in favour of BigInt

The 1.23.0 release from yesterday already uses it - see https://bundlephobia.com/result?p=jose@1.23.0

@tabarra
Copy link
Contributor Author

tabarra commented Feb 19, 2020

Very good job Panva!
Thank you very much.

@github-actions github-actions bot locked and limited conversation to collaborators May 20, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@panva @tabarra