`public_key` deprecations in OTP `27.0`

[maennchen]

===> Compiling jose
===> Compiling _build/default/lib/jose/src/jwa/jose_jwa.erl failed
_build/default/lib/jose/src/jwa/jose_jwa.erl:120:2: public_key:decrypt_private/3 is deprecated; do not use
_build/default/lib/jose/src/jwa/jose_jwa.erl:127:2: public_key:encrypt_public/3 is deprecated; do not use

See: https://github.com/erlef/oidcc_cowboy/actions/runs/9034558041/job/24963222738?pr=33

[maennchen]

I went to check It seems like the functions were deprecated without a replacement:

https://github.com/erlang/otp/blob/79bc8234396a4f619f40dadfb8458064ab29aa85/lib/public_key/src/public_key.erl#L116-L119

Commit: https://github.com/erlang/otp/commit/1e8d904ada2a0264ece549558fae80128745d464#diff-be09f175079f98e5baaee4302d27de2632a80105c41430ed6352e785d27f62f4

The docs quote security reasons: https://www.erlang.org/doc/apps/crypto/crypto.html#public_encrypt/4

This is a legacy function, for security reasons do not use.

[Neustradamus]

@badlop: Do you know this problem?

@Ri0n has tried to install an ejabberd :/

[maennchen]

Current state of discussions about the depreciation: https://erlangforums.com/t/security-working-group-minutes/3451/6?u=maennchen

[badlop]

Considering that the compilation warning will remain there, and there is no alternative, and Jose really requires that feature, I guess it makes sense to disable warnings_as_errors in https://github.com/potatosalad/erlang-jose/blob/eb6de2cb506b55533f550a1b0776c81b15317e23/rebar.config#L5

[maennchen]

Erlang Workaround for now:

rebar.config:

{overrides, [
    {override, jose, [{erl_opts, []}]}
]}.

[maennchen]

Will be undeprecated in OTP 27.1: https://github.com/erlang/otp/pull/8700