Upgrade jwk-to-pem to address timing attack

bluehalo / node-fhir-server-core

An Open Source secure REST implementation for the HL7 FHIR Specification. For API documentation, please see https://github.com/Asymmetrik/node-fhir-server-core/wiki.

https://asymmetrik.com/healthcare

MIT License

391 stars 120 forks source link

Upgrade jwk-to-pem to address timing attack #216

Closed j3parker closed 4 years ago

j3parker commented 4 years ago

Fixes #215

j3parker commented 4 years ago

Our release notes are here: https://github.com/Brightspace/node-jwk-to-pem/releases

You should probably investigate the 2.0 bump:

[MAJOR] All PEM output is now in PKCS#8 format

Here is the full diff between 1.2.6 and 2.0.2: https://github.com/Brightspace/node-jwk-to-pem/compare/v1.2.6...master

awatson1978 commented 4 years ago

@j3parker - Thank you so much for the pull request!

When @jonterrylee, @Robert-W, @sshah-asymmetrik or @zeevosec merge this PR in, I'll update the downstream node-on-fhir repository accordingly.

awatson1978 commented 4 years ago

Quick question: What's the timeframe for this being published to NPM?

zeevo commented 4 years ago

I can today and will ping you @awatson1978

zeevo commented 4 years ago

New version 2.0.7 published @awatson1978