Skip to content

fix(signing-utils): fix artifact signing#199

Merged
mabaasit merged 2 commits intomainfrom
signing-fixes
Jan 12, 2024
Merged

fix(signing-utils): fix artifact signing#199
mabaasit merged 2 commits intomainfrom
signing-fixes

Conversation

@mabaasit
Copy link
Copy Markdown
Collaborator

@mabaasit mabaasit commented Jan 12, 2024

In this PR, I added following:

  1. Support for host in ClientOptions
  2. Support for jsign options to pass the certificate alias and the timestamp url
  3. Update garasign to correctly check for signing method

Description

Open Questions

Checklist

@mabaasit mabaasit merged commit 7ee7408 into main Jan 12, 2024
@mabaasit mabaasit deleted the signing-fixes branch January 12, 2024 15:06
github-actions Bot added a commit that referenced this pull request Apr 19, 2026
@github-actions
chore(deps): add overrides to force serialize-javascript>=7.0.5
bd22104 
Addresses two Dependabot alerts:
- Alert #173: GHSA-5c6j-r48x-rmvq (RCE via RegExp.flags/Date.toISOString, high severity)
- Alert #199: GHSA-qj8w-gfj5-8c6v / CVE-2026-34043 (DoS via CPU exhaustion, medium severity)

Both mocha@^8.4.0 and terser-webpack-plugin@^5.3.x ship serialize-javascript
6.x, and neither has released a version shipping >=7.0.5. Adding an npm
`overrides` entry forces all transitive instances to resolve to 7.0.5+.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions Bot mentioned this pull request Apr 19, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lerouxb lerouxb lerouxb approved these changes

@mcasimir mcasimir mcasimir approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mabaasit @lerouxb @mcasimir