public_key deprecations in OTP 27.0

[maennchen]

===> Compiling jose
===> Compiling _build/default/lib/jose/src/jwa/jose_jwa.erl failed
_build/default/lib/jose/src/jwa/jose_jwa.erl:120:2: public_key:decrypt_private/3 is deprecated; do not use
_build/default/lib/jose/src/jwa/jose_jwa.erl:127:2: public_key:encrypt_public/3 is deprecated; do not use

See: https://github.com/erlef/oidcc_cowboy/actions/runs/9034558041/job/24963222738?pr=33

[maennchen]

I went to check It seems like the functions were deprecated without a replacement:

https://github.com/erlang/otp/blob/79bc8234396a4f619f40dadfb8458064ab29aa85/lib/public_key/src/public_key.erl#L116-L119

Commit: erlang/otp@1e8d904#diff-be09f175079f98e5baaee4302d27de2632a80105c41430ed6352e785d27f62f4

The docs quote security reasons:
https://www.erlang.org/doc/apps/crypto/crypto.html#public_encrypt/4

This is a legacy function, for security reasons do not use.

[Neustradamus]

@badlop: Do you know this problem?

@Ri0n has tried to install an ejabberd :/

[maennchen]

Current state of discussions about the depreciation: https://erlangforums.com/t/security-working-group-minutes/3451/6?u=maennchen

[badlop]

Considering that the compilation warning will remain there, and there is no alternative, and Jose really requires that feature, I guess it makes sense to disable warnings_as_errors in

erlang-jose/rebar.config

Line 5 in eb6de2c

warnings_as_errors

[maennchen]

Erlang Workaround for now:

rebar.config:

{overrides, [
    {override, jose, [{erl_opts, []}]}
]}.

[maennchen]

Will be undeprecated in OTP 27.1: erlang/otp#8700