Resolve merge conflicts: bump node-forge 1.3.1 → 1.3.2 onto current master #100

Merged
QilongTang merged 2 commits into dependabot/npm_and_yarn/node-forge-1.3.2 from copilot/sub-pr-93
Feb 23, 2026

Copilot AI commented Feb 23, 2026

PR #93 (node-forge security bump) had become unmergeable due to divergence from master. Master had advanced to v1.0.31 with multiple dependency updates and new source files while the dependabot branch was still based on an older master state.

Changes

  • package-lock.json: Rebased onto master v1.0.31 (incorporates playwright, ajv, js-yaml updates) with node-forge updated to 1.3.2 (correct integrity hash + license field added)
  • package.json: Synced to v1.0.31; added tests/Toast.test.js to test:unit script to match master

Security fixes in node-forge 1.3.2

  • CVE-2025-12816 (HIGH) — ASN.1 validator desynchronization enabling MAC verification bypass
  • CVE-2025-66031 (HIGH) — Unbounded ASN.1 recursion → DoS via stack exhaustion
  • CVE-2025-66030 (MODERATE) — OID integer truncation enabling security decision bypass


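A lockfile check for the bump described in the comment above, as an added example that is not part of this PR or the project's code. Because node-forge is an indirect dependency, a nested copy under another package's `node_modules` can stay on 1.3.1 after the top-level entry moves to 1.3.2. The function names, the sample lockfile, and the package name `some-dev-server` are assumptions made for illustration.

```javascript
// Added example, not project code. Works on the "packages" map of
// package-lock.json (lockfileVersion 2 or 3).
const FIXED = '1.3.2'; // fixed node-forge release named in this PR

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m && { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

// True when `version` sorts before `fixed`; unparseable input fails closed.
function isOlder(version, fixed) {
  const a = parseVersion(version), b = parseVersion(fixed);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre; // 1.3.2-rc.1 is older than 1.3.2
}

// Report every locked copy of `name`, top-level or nested, that is older
// than `fixed` or has no integrity hash.
function findStaleCopies(lock, name = 'node-forge', fixed = FIXED) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const isCopy = path === `node_modules/${name}` ||
                   path.endsWith(`/node_modules/${name}`);
    if (!isCopy) continue;
    const problems = [];
    if (isOlder(entry.version, fixed)) problems.push(`version ${entry.version} < ${fixed}`);
    if (!entry.integrity) problems.push('missing integrity hash');
    if (problems.length) findings.push({ path, problems });
  }
  return findings;
}

// Constructed sample: "some-dev-server" and the integrity strings are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '0.0.0' },
    'node_modules/node-forge': { version: '1.3.2', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/some-dev-server/node_modules/node-forge': { version: '1.3.1', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/not-node-forge': { version: '0.1.0', integrity: 'sha512-PLACEHOLDER' },
  },
};

console.log(JSON.stringify(findStaleCopies(SAMPLE_LOCK), null, 2));
```

To run it against a real lockfile, pass the parsed JSON of `package-lock.json` to `findStaleCopies` and fail the CI job when the returned array is non-empty.
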
Co-authored-by: QilongTang <3942418+QilongTang@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Bump node-forge from 1.3.1 to 1.3.2" to "Resolve merge conflicts: bump node-forge 1.3.1 → 1.3.2 onto current master" Feb 23, 2026
Copilot AI requested a review from QilongTang February 23, 2026 01:46
QilongTang marked this pull request as ready for review February 23, 2026 01:50
QilongTang merged commit 64b0e97 into dependabot/npm_and_yarn/node-forge-1.3.2 Feb 23, 2026
10 checks passed
QilongTang deleted the copilot/sub-pr-93 branch February 23, 2026 01:51
QilongTang added a commit that referenced this pull request Feb 23, 2026
* Bump node-forge from 1.3.1 to 1.3.2

Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Resolve merge conflicts: bump node-forge 1.3.1 → 1.3.2 onto current master (#100)

* Initial plan

* Resolve merge conflicts: rebase onto master with node-forge 1.3.2

Co-authored-by: QilongTang <3942418+QilongTang@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: QilongTang <3942418+QilongTang@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ashish Aggarwal <ashish.aggarwal@autodesk.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: QilongTang <3942418+QilongTang@users.noreply.github.com>