From fc2518e4031c3da83781b35ecce349e58c11faa2 Mon Sep 17 00:00:00 2001
From: Dave Longley <dlongley@digitalbazaar.com>
Date: Thu, 1 Aug 2024 13:34:31 -0400
Subject: [PATCH] Use `rdf-canonize` library directly to use RDFC-1.0.

---
 .github/workflows/main.yml        |  3 ++-
 CHANGELOG.md                      |  6 ++++++
 lib/suites/LinkedDataSignature.js | 16 +++++++++++++---
 package.json                      |  3 ++-
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e560c994..58732b23 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -67,7 +67,8 @@ jobs:
       - name: Generate coverage report
         run: npm run coverage-ci
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@v4
         with:
           file: ./coverage/lcov.info
           fail_ci_if_error: true
+          token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf92c380..48a46645 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # jsonld-signatures ChangeLog
 
+## 11.3.0 - 2024-08-dd
+
+### Changed
+- Use `rdf-canonize` directly to get latest updates and avoid reliance
+  on `jsonld` package to provide it indirectly.
+
 ## 11.2.1 - 2023-05-14
 
 ### Fixed
diff --git a/lib/suites/LinkedDataSignature.js b/lib/suites/LinkedDataSignature.js
index cd623c6c..a4547285 100644
--- a/lib/suites/LinkedDataSignature.js
+++ b/lib/suites/LinkedDataSignature.js
@@ -1,10 +1,11 @@
 /*!
- * Copyright (c) 2017-2023 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2017-2024 Digital Bazaar, Inc. All rights reserved.
  */
 'use strict';
 
 const constants = require('../constants');
 const jsonld = require('jsonld');
+const rdfCanonize = require('rdf-canonize');
 const util = require('../util');
 const {sha256digest} = require('../sha256digest');
 const LinkedDataProof = require('./LinkedDataProof');
@@ -212,8 +213,8 @@ module.exports = class LinkedDataSignature extends LinkedDataProof {
     if(expansionMap) {
       throw new Error('"expansionMap" not supported.');
     }
-    return jsonld.canonize(input, {
-      algorithm: 'URDNA2015',
+    return _canonize(input, {
+      algorithm: 'RDFC-1.0',
       // do not resolve any relative URLs or terms, throw errors instead
       base: null,
       format: 'application/n-quads',
@@ -460,3 +461,12 @@ function _processSignatureParams({key, signer, verifier}) {
 
   return vm;
 }
+
+async function _canonize(input, options) {
+  // convert to RDF dataset and do canonicalization
+  const opts = {...options};
+  delete opts.format;
+  opts.produceGeneralizedRdf = false;
+  const dataset = await jsonld.toRDF(input, opts);
+  return rdfCanonize.canonize(dataset, options);
+}
diff --git a/package.json b/package.json
index 12a089cd..5dc76e78 100644
--- a/package.json
+++ b/package.json
@@ -30,6 +30,7 @@
   "dependencies": {
     "@digitalbazaar/security-context": "^1.0.0",
     "jsonld": "^8.0.0",
+    "rdf-canonize": "^4.0.1",
     "serialize-error": "^8.1.0"
   },
   "devDependencies": {
@@ -51,7 +52,7 @@
     "webpack": "^5.73.0"
   },
   "engines": {
-    "node": ">=14"
+    "node": ">=18"
   },
   "keywords": [
     "JSON",