Remove crypto-js library in next major release
#1239
Assignees
Labels
breaking
Backwards incompatible changes made to the public API.
Comments
WordArray stuff" in next major release
|
➤ Automation for Jira commented: The link to the corresponding Jira issue is https://ably.atlassian.net/browse/SDK-3570 |
|
Putting this on hold whilst I work on #1252, which I've split from this task. |
WordArray stuff" in next major releasecrypto-js library in next major release
This was referenced May 24, 2023
lawrence-forooghian
added a commit
that referenced
this issue
Jun 1, 2023
TODO also look for CryptoJS Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 6, 2023
TODO also look for CryptoJS Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 6, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 6, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 6, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 6, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 6, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 7, 2023
We’re going to use this to replace our current usage of CryptoJS, which we intend to remove in #1239. We considered using the implementation of HMAC from the Web Crypto, but after weighing the implications of doing so (token signing becoming unavailable in non-secure contexts) against the mildly-increased library size (1.61 kB increase) from adding an HMAC implementation, decided to go with the latter [1]. I picked this implementation because it's a single file that contains precisely the functionality that we need and it claims to be “designed for efficient minification”. It doesn’t come with any tests, but since our SDK has quite a few tests that will fail if the result of token signing is incorrect, I believe we’re OK. The code added here is taken verbatim from the linked gist, and then I’ve added an attribution comment and run Prettier. [1] https://ably-real-time.slack.com/archives/C030C5YLY/p1686152214032779?thread_ts=1686096207.512069&cid=C030C5YLY
lawrence-forooghian
added a commit
that referenced
this issue
Jun 7, 2023
We’re going to use this to replace our current usage of CryptoJS, which we intend to remove in #1239. We considered using the implementation of HMAC from the Web Crypto API, but after weighing the implications of doing so (token signing becoming unavailable in non-secure contexts) against the mildly-increased library size (1.61 kB increase) from adding an HMAC implementation, decided to go with the latter [1]. I picked this implementation because it's a single file that contains precisely the functionality that we need and it claims to be “designed for efficient minification”. It doesn’t come with any tests, but since our SDK has quite a few tests that will fail if the result of token signing is incorrect, I believe we’re OK. The code added here is taken verbatim from the linked gist, and then I’ve added an attribution comment and run Prettier. [1] https://ably-real-time.slack.com/archives/C030C5YLY/p1686152214032779?thread_ts=1686096207.512069&cid=C030C5YLY
lawrence-forooghian
added a commit
that referenced
this issue
Jun 7, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 7, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 12, 2023
Preparation for #1239 (removing CryptoJS dependency).
lawrence-forooghian
added a commit
that referenced
this issue
Jun 12, 2023
Preparation for #1239 (removing CryptoJS dependency).
lawrence-forooghian
added a commit
that referenced
this issue
Jun 12, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 13, 2023
Preparation for #1239 (removing CryptoJS dependency).
lawrence-forooghian
added a commit
that referenced
this issue
Jun 13, 2023
Preparation for #1239 (removing CryptoJS dependency).
lawrence-forooghian
added a commit
that referenced
this issue
Jun 13, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
lawrence-forooghian
added a commit
that referenced
this issue
Jun 13, 2023
Preparation for #1239 (removing CryptoJS dependency).
lawrence-forooghian
added a commit
that referenced
this issue
Jun 13, 2023
Preparation for #1239 (removing CryptoJS dependency).
lawrence-forooghian
added a commit
that referenced
this issue
Jun 13, 2023
We’re no longer making use of this library (in order to reduce bundle size, given that modern browsers provide all of the necessary crypto functionality). Resolves #1239.
|
Closed by #1333. |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As suggested by @SimonWoolf here as a way of reducing bundle size. This would mean removing the
crypto-jslibrary and instead using the browser’sCryptointerface.Split into:
The text was updated successfully, but these errors were encountered: