anthonywebb
commented
1 year ago Appears that v7 targets Node 16, bummer
Closed anthonywebb closed 1 year ago
anthonywebb
commented
1 year ago Appears that v7 targets Node 16, bummer
MasterKale
commented
1 year ago @anthonywebb I did a quick dive into the AWS docs, I'm seeing that Elastic Beanstalk supports Node v16 now:
It's been ages since I've used EBS myself so I'm not sure what it might take to upgrade a project. Maybe it's as easy as specifying one of those image tags in your package.json's engines property:
anthonywebb
commented
1 year ago @MasterKale ah, you are correct, this is very recent, good to know. Now that I have 6.2.2 running well do you think that the upgrade to 7.x is a compelling enough one worthy of the effort to upgrade? Have there been significant updates or security updates you feel are worth it?
MasterKale
commented
1 year ago The best response I have to that question is, check out the CHANGELOG and see if anything in there sounds appealing enough to you to update:
https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md
cormip
commented
1 year ago :-( Hmmm, that means this package is not compatible with MeteorJS. The v2.10.0 release from 2023-01-13 still runs on Node v14. Is there a way I can pass in the challenge string, as this seems to be where it having a problem:
I20230130-21:29:11.911(-5)? Exception while invoking method 'getCredentialCreationChallenge' TypeError: Cannot read property 'getRandomValues' of undefined
I20230130-21:29:11.911(-5)? at Object.getRandomValues (D:\myapp\node_modules\@simplewebauthn\server\dist\helpers\iso\isoCrypto\getRandomValues.js:14:29)
I20230130-21:29:11.912(-5)? at generateChallenge (D:\myapp\node_modules\@simplewebauthn\server\dist\helpers\generateChallenge.js:18:21)
I20230130-21:29:11.912(-5)? at generateRegistrationOptions (D:\myapp\node_modules\@simplewebauthn\server\dist\registration\generateRegistrationOptions.js:71:99)
I20230130-21:29:11.912(-5)? at MethodInvocation.getCredentialCreationChallenge (imports/api/webauthn/server/meth-webauthn.js:45:25)
...@cormip Unfortunately it won't be possible to use @simplewebauthn/server v7.0.0+ on Node 14 because server makes extensive use of Node.js' SubtleCrypto API, which mirrors the one available in browsers. This API is unavailable before NodeJS 15, though:
I was really surprised to see that MeteorJS had seemingly stalled out on moving up to Node 16 and beyond:
https://github.com/meteor/meteor/discussions/12015
It looks like it's a tough road ahead for not just that project, but users like as well who can't upgrade. You can still get along with server@6.2.2 for now, though, as there wasn't a ton of new functionality added with 7.0.0 (it was mostly "isomorphic" refactor to enable future ESM runtime support.)
cormip
commented
1 year ago @MasterKale I appreciate the response and update. I'll give server@6.2.2 a shot. Hopefully, the Meteor folks will pick up the pace and also go straight to Node v18 LTS.
I have a server running node 18 and my requests generate fine (generateRegistrationOptions). I have another server running v14 (this is the max at AWS elastic beanstalk) and it throws a "Cannot read property 'getRandomValues' of undefined" error. Is there some minimum version of node that is required now? Previous 6.2.2 was fine on both?