From 17ebf9694719caa368b1f5ecba6b9b33a2415f0d Mon Sep 17 00:00:00 2001 From: Keerthivasan Ramanathan Date: Fri, 22 Nov 2019 11:47:07 +0530 Subject: [PATCH 1/2] fix(ssl) : minor code change --- src/server/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/server.js b/src/server/server.js index 1b1ad3433..1c2292a14 100644 --- a/src/server/server.js +++ b/src/server/server.js @@ -126,7 +126,7 @@ class Server { this.env = { IS_PRODUCTION: !process.env.NODE_ENV || process.env.NODE_ENV === 'production', - USE_HTTPS: server.ssl && server.ssl.key && server.ssl.cert, + USE_HTTPS: (server.ssl && server.ssl.key && server.ssl.cert) ? server.ssl : undefined, }; // return self for chaining return this; From 2ff249d527965c05fc03028be301c63e4d76d009 Mon Sep 17 00:00:00 2001 From: Jacob Parker Date: Wed, 4 Dec 2019 14:40:45 -0500 Subject: [PATCH 2/2] Upgrade jwk-to-pem to address timing attack Fixes #215 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 586de7752..ddbbe8abb 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ "helmet": "^3.9.0", "jsonschema": "^1.2.2", "jsonwebtoken": "^8.1.0", - "jwk-to-pem": "^1.2.6", + "jwk-to-pem": "^2.0.2", "method-override": "^2.3.10", "moment": "^2.19.4", "moment-timezone": "^0.5.14",