replace cbor-js with cbor 2

new package, esm

app/assets/javascripts/esm/authenticate-security-key.mjs

@@ -1,5 +1,6 @@
 import { isSupported } from 'govuk-frontend';
 import ErrorBanner from './error-banner.mjs';
+import { decode, encode } from 'cbor2';
 
 // This new way of writing Javascript components is based on the GOV.UK Frontend skeleton Javascript coding standard
 // that uses ES2015 Classes -
@@ -34,7 +35,7 @@ class AuthenticateSecurityKey {
         return response.arrayBuffer();
       })
       .then(data => {
-        var options = window.CBOR.decode(data);
+        var options = decode(new Uint8Array(data));
         // triggers browser dialogue to login with authenticator
         return window.navigator.credentials.get(options);
       })
@@ -65,7 +66,7 @@ class AuthenticateSecurityKey {
         return response.arrayBuffer();
       })
       .then(cbor => {
-        return Promise.resolve(window.CBOR.decode(cbor));
+        return Promise.resolve(decode(new Uint8Array(cbor)));
       })
       .then(data => {
         window.location.assign(data.redirect_url);
@@ -81,7 +82,7 @@ class AuthenticateSecurityKey {
     return fetch(this.authenticatePath, {
       method: 'POST',
       headers: { 'X-CSRFToken': csrf_token },
-      body: window.CBOR.encode({
+      body: encode({
         credentialId: new Uint8Array(credential.rawId),
         authenticatorData: new Uint8Array(credential.response.authenticatorData),
         signature: new Uint8Array(credential.response.signature),

app/assets/javascripts/esm/register-security-key.mjs

@@ -1,5 +1,6 @@
 import { isSupported } from 'govuk-frontend';
 import ErrorBanner from './error-banner.mjs';
+import { decode, encode } from 'cbor2';
 
 // This new way of writing Javascript components is based on the GOV.UK Frontend skeleton Javascript coding standard
 // that uses ES2015 Classes -
@@ -34,7 +35,7 @@ class RegisterSecurityKey {
         return response.arrayBuffer();
       })
       .then((data) => {
-        var options = window.CBOR.decode(data);
+        var options = decode(new Uint8Array(data));
         // triggers browser dialogue to select authenticator
         return window.navigator.credentials.create(options);
       })
@@ -61,7 +62,7 @@ class RegisterSecurityKey {
     return fetch(this.registerPath, {
       method: 'POST',
       headers: { 'X-CSRFToken': csrf_token },
-      body: window.CBOR.encode({
+      body: encode({
         attestationObject: new Uint8Array(response.attestationObject),
         clientDataJSON: new Uint8Array(response.clientDataJSON),
       })

package.json

@@ -24,7 +24,7 @@
   "license": "MIT",
   "homepage": "https://github.com/alphagov/notifications-admin#readme",
   "dependencies": {
-    "cbor-js": "0.1.0",
+    "cbor2": "^1.8.0",
     "govuk-frontend": "5.7.1",
     "jquery": "3.5.0",
     "morphdom": "2.6.1",

rollup.config.mjs

@@ -80,7 +80,6 @@ export default [
       paths.npm + 'query-command-supported/dist/queryCommandSupported.min.js',
       paths.npm + 'timeago/jquery.timeago.js',
       paths.npm + 'textarea-caret/index.js',
-      paths.npm + 'cbor-js/cbor.js',
       paths.src + 'javascripts/modules.js',
       paths.src + 'javascripts/govuk-frontend-toolkit/show-hide-content.js',
       paths.src + 'javascripts/stick-to-window-when-scrolling.js',
@@ -110,7 +109,6 @@ export default [
     },
     moduleContext: {
       './node_modules/jquery/dist/jquery.min.js': 'window',
-      './node_modules/cbor-js/cbor.js': 'window',
     },
     plugins: [
       nodeResolve(),