Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve readme, update xml-crypto, fix ci. #96

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Improve readme, update xml-crypto, fix ci. #96

wants to merge 6 commits into from

Conversation

leMaik
Copy link
Contributor

@leMaik leMaik commented Sep 25, 2024
edited
Loading

I'm currently using a fork of this library, so I guess it's time to contribute my changes back to upstream. 🙃

  • createCipher and createDecipher are deprecated in Node.js and cause warnings. This resolves the warnings without changing the logic. Changing this to the more secure createCipheriv and createDecipheriv would require storing IVs and break existing key files, so I kept it as is for now (it was changed to a wrong implementation in an earlier version of this PR)
  • xml-crypto 4.x has a critical vulnerability, so I updated to 6.x. This in turn requires Node.js 16 or later, so I bumped the minimum version of this library in the readme (given that the oldest still supported Node.js version is Node.js 18, I hope that this is fine; if we update to Node.js >= 21, we could even get rid of rock-req and use the built-in fetch instead).
  • The initialization process involved a lot of trial-and-error for me. I extended the README to include my findings, and help new users setup their EBICS accounts.

@leMaik
Copy link
Contributor Author

leMaik commented Sep 25, 2024
edited
Loading

Node.js 19 EOL'd over a year ago and doesn't even know the CVE that is causing problems. I'll remove it from the GitHub workflow and add Node.js 22 (upcoming LTS) instead. 18/20/22 are the currently supported versions.

Edit: I have no idea why npm ci fails for Node.js 22. It works fine locally.

@leMaik leMaik changed the title Improve readme, update deprecated APIs and xml-crypto. Improve readme, update xml-crypto, fix ci. Sep 25, 2024
@nanov
Copy link
Contributor

nanov commented Nov 9, 2024

This is incredibly good work, still trying to find out with build fails on node 22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leMaik @nanov