Commit a266695
committed
fix: drop dependency on jwk-to-pem by using native crypto
This replaces jwk-to-pem with simply using crypto.createPublicKey. This
further drops elliptic from the dependency tree, which has known
security issues (note this is mostly for hygiene as jwk-to-pem doesn't
use the vulnerable code paths, per
Brightspace/node-jwk-to-pem#187).1 parent 85e418f commit a266695
File tree
5 files changed
+226
-321
lines changed- src/service/passport
- test
- fixtures/test-package
5 files changed
+226
-321
lines changed
0 commit comments