refactor(cookie): remove cookie-parser dependency and use the native …

…crypto module to sign cookie

lib/response.js

@@ -24,7 +24,7 @@ var path = require('path');
 var pathIsAbsolute = require('path').isAbsolute;
 var statuses = require('statuses')
 var merge = require('utils-merge');
-var sign = require('cookie-signature').sign;
+var crypto = require('crypto');
 var normalizeType = require('./utils').normalizeType;
 var normalizeTypes = require('./utils').normalizeTypes;
 var setCharset = require('./utils').setCharset;
@@ -746,7 +746,7 @@ res.cookie = function (name, value, options) {
     : String(value);
 
   if (signed) {
-    val = 's:' + sign(val, secret);
+    val = 's:' + val + '.' + crypto.createHmac('sha256', secret).update(val).digest('base64').replace(/\=+$/, '');
   }
 
   if (opts.maxAge != null) {

package.json

@@ -37,7 +37,6 @@
     "content-disposition": "^1.0.0",
     "content-type": "~1.0.4",
     "cookie": "0.7.1",
-    "cookie-signature": "^1.2.1",
     "debug": "4.3.6",
     "depd": "2.0.0",
     "encodeurl": "~2.0.0",