[BUG]: @octokit/webhooks signature verification fails for payloads containing emoji characters

[veraakarthikbharadwaj]

What happened?

Signature verification using @octokit/webhooks fails when the webhook payload contains multibyte UTF-8 characters (e.g., emojis like 😊)

const signature = req.headers['x-hub-signature-256'];

  try {
    // Validate the signature using the raw body
    const isValid = await webhooks.verify(req.rawBody.toString(), signature);

    if (!isValid) {
      logger.error('Invalid signature');
      return res.status(401).send('Invalid signature');
    }

    console.log('✅ Valid webhook signature');
    res.sendStatus(200);
  } catch (err) {
    console.error('Error verifying signature:', err);
    res.sendStatus(500);
  }

Versions

octokit/webhooks - 13.3.0
node version - v20

Relevant log output

Code of Conduct

• I agree to follow this project's Code of Conduct

[github-actions]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀