Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): Bump the npm_and_yarn group across 3 directories with 3 updates #465

Merged
merged 1 commit into from
May 21, 2024
Merged

build(deps): Bump the npm_and_yarn group across 3 directories with 3 updates #465

merged 1 commit into from
May 21, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 21, 2024

Bumps the npm_and_yarn group with 1 update in the /common/policy-dsl directory: tough-cookie.
Bumps the npm_and_yarn group with 1 update in the /samples/fabric/fabric-cli directory: pkg.
Bumps the npm_and_yarn group with 1 update in the /sdks/fabric/interoperation-node-sdk directory: jsrsasign.

Updates tough-cookie from 4.0.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

New Contributors

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • cacbc37 Bump version to 4.1.4
  • a48fb3a Add tests for url validation
  • 50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
  • 1253d58 Merge pull request #409 from corvidism/validators-to-string
  • 238367e Add local alias for toString
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • cf6debd Fix incorrect string validation for URL
  • b1a8898 fix: allow set cookies with localhost (#253)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates pkg from 4.5.1 to 5.8.1

Release notes

Sourced from pkg's releases.

5.8.1

Patches

  • Producer: properly call "prebuild-install" if N-API is used: dd9de59c9fca2751bf5d22b57bd9b03d43e85e80
  • Chore: clean up obsolete eslint disable comments: #1760
  • Chore: add prettier check in linting step: #1764
  • Chore: separate individual test scripts: #1759
  • Chore: use @types/babel__generator package: #1755
  • Chore: remove unused entry: #1766
  • Chore: upgrade actions runners: #1767
  • Style: fix typo in test-99-#1192/main.js: #1790
  • Chore: bump prebuild-install@7.1.1: #1788
  • Fix: add force flag to codesign to avoid already signed error: #1756

Credits

Huge thanks to @​ignatiusmb, @​eltociear, @​PraveenAnaparthi, and @​brianunlam for helping!

5.8.0

Highlights

  • Support more language features, including but not limited to classPrivateMethods (#1248, #1249)
    • Note: pkg uses Babel to trace dependencies. It does NOT transform your sources. You should make sure that your code can run on the target Node.js version.

What's Changed

New Contributors

Full Changelog: vercel/pkg@5.7.0...5.8.0

5.7.0

Highlights

  • Node 18 is now supported!

What's Changed

New Contributors

... (truncated)

Commits

Updates jsrsasign from 10.9.0 to 11.1.0

Release notes

Sourced from jsrsasign's releases.

restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

  • Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
    • src/crypto.js
      • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

remove RSA and RSAOAEP encryption for Marvin attack

  • Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
    • remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
    • src/crypto.js
      • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
    • ext/{rsa,rsa2}.js remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class
Changelog

Sourced from jsrsasign's changelog.

ChangeLog for jsrsasign

restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

  • Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
    • src/crypto.js
      • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

remove RSA and RSAOAEP encryption for Marvin attack

  • Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
    • remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
    • src/crypto.js
      • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
    • ext/{rsa,rsa2}.js remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class

enhanced support for encrypted PKCS8

  • Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
    • KEYUTIL.getPEM is updated not to use weak ciphers (#599)
      • default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
      • default prf is changed from hmacWithSHA1 to hmacWithSHA256
    • src/keyutil.js
      • more encrypted PKCS#8 private key support
        • KEYUTIL.getKey now supports encrypted PKCS#8 private key with aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as psudorandom function.
        • KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM priavte key.
    • src/crypto.js
      • Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
    • src/base64x.js
      • function inttohex and twoscompl are added
    • src/asn1.js
      • ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
    • src/asn1x509.js
      • aes*-CBC and hmacWithSHA* OIDs are added
    • test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
      • update and add some test cases for above
    • stop bower support (bower.json removed)

X509.getExtSubjectDirectoryAttributes another bugfix

  • Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
    • src/x509.js
      • another bugfix X509.getExtSubjectDirectoryAttributes method

X509.getExtSubjectDirectoryAttributes bugfix

  • Changes from 10.8.4 to 10.8.5 (2023-Apr-26)
    • src/x509.js
      • bugfix X509.getExtSubjectDirectoryAttributes method

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 21, 2024
@dependabot @sandeepnRES
build(deps): Bump the npm_and_yarn group across 3 directories with 3 …
07971bb 
…updates

updated-dependencies:
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pkg
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: jsrsasign
  dependency-type: direct:production
  dependency-group: npm_and_yarn

Signed-off-by: dependabot[bot] <support@github.com>
@sandeepnRES sandeepnRES force-pushed the dependabot/npm_and_yarn/common/policy-dsl/npm_and_yarn-dfd0339153 branch from 9886e77 to 07971bb Compare May 21, 2024 15:02
@sandeepnRES sandeepnRES merged commit 9e1b2a8 into main May 21, 2024
27 of 42 checks passed
@sandeepnRES sandeepnRES deleted the dependabot/npm_and_yarn/common/policy-dsl/npm_and_yarn-dfd0339153 branch May 21, 2024 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sandeepnRES sandeepnRES sandeepnRES approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@sandeepnRES