Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Buggy version of node-jose breaks node-forge for other consumers #10

Closed
jportner opened this issue Dec 27, 2021 · 0 comments · Fixed by #12
Closed

Buggy version of node-jose breaks node-forge for other consumers #10

jportner opened this issue Dec 27, 2021 · 0 comments · Fixed by #12
Labels
bug Something isn't working

Comments

@jportner
Copy link
Contributor

jportner commented Dec 27, 2021
edited
Loading

I found this bug when using Kibana, details here: elastic/kibana#122054.

In a nutshell:
The node-jose 1.1.0 dependency includes a bug that unintentionally changes the node-forge implementation of ByteBuffer. This affects other consumers of node-forge, which is how we discovered the linked Kibana issue.

This is a known issue in node-jose that was fixed in the 1.1.4 release but was not mentioned in the changelog.

This package should upgrade to node-jose 1.1.4 or 2.0.0 (note that the latter drops support for Node 6 and Node 8).
@jportner jportner added the bug Something isn't working label Dec 27, 2021
This was referenced Dec 27, 2021
Closed
Merged
@Bamieh Bamieh closed this as completed in #12 Jan 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update node jose
Update node-jose
1 participant
@jportner