Drop support for old nodejs versions (req v14)

[jimmywarting]

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Removed some dependencies that are no longer needed.
This will require new nodejs versions.
the functionality stays the same.

References

Include any links supporting this change such as a:

• GitHub Issue/PR number addressed or fixed
• Auth0 Community post
• StackOverflow post
• Support forum thread
• Related pull requests/issues from other repos

If there are no references, simply delete this section.

Testing

Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Also include details of the environment this PR was developed in (language/platform/browser version).

• This change adds test coverage for new/changed/fixed functionality

Checklist

• I have added documentation for new/changed functionality in this PR or in auth0.com/docs

• All active GitHub checks for tests, formatting, and security are passing

• The correct base branch is being used, if not the default branch

• fix move from buffer-equal-constant-time to timingSafeEqual #46

• fix Enhancement/ tech debt: use Node's built-in toString(base64url) #48

• fix Signature is generated differently on Node v4 and Node v6 #19

• fix refactor: remove return value from key check helpers #45

• fix Deprecating jwa and jws packages #40

• fix Update error message typo #43

[panva]

Node crypto's own dsaEncoding option valued ieee-p1363 can be used for ECDSA to completely remove the ecdsa-sig-formatter dependency. This was added in nodejs/node#29292 and is available in all nodejs versions above v13.2.0 and v12.16.0.

At the same time the node crypto now offers one-shot sign and verify methods which can be used both in both a blocking and non-blocking manner.

[jimmywarting]

Hmm, can you show a code example of how to solve it...
maybe just do a little diff suggestion and then i can just apply the changes ;)

```diff
+
-
```

[panva]

You would need a separate signer and verifier functions (like it is done for RSA-PSS) and instead of padding and saltLength options use the dsaEncoding option. Nothing special really.

• https://github.com/nodejs/node/blob/6a489df73b0ab64f8fab016a7a71e209066fdb82/test/parallel/test-crypto-sign-verify.js#L554-L557
• https://github.com/nodejs/node/blob/6a489df73b0ab64f8fab016a7a71e209066fdb82/test/parallel/test-crypto-sign-verify.js#L516C38-L516C38

The one-shot APIs are self-explanatory and documented

• https://nodejs.org/api/crypto.html#cryptosignalgorithm-data-key-callback
• https://nodejs.org/api/crypto.html#cryptoverifyalgorithm-data-key-signature-callback

[jimmywarting]

Sry, i'm too lost right now. don't work much with cryptografy. will leave this fully up to you guys to solve.

[panva]

It's really just a lift and shift from the old api to the new and for ecdsa having a dedicated signer/verifier with the dsaEncoding option.

[tiAshEluntz]

Any update on this PR?
I am having some issue with buffer-equal-constant-time, should I create a small PR only to remove the dependency?