New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency jsrsasign to v11 #18

Open

renovate wants to merge 1 commit into main from renovate/jsrsasign-11.x

Contributor

renovate bot commented Feb 1, 2024 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
jsrsasign (source)	`^10.8.6` -> `^11.1.0`

Release Notes

kjur/jsrsasign (jsrsasign)

`v11.1.0`: restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
- src/crypto.js
  - restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

`v11.0.0`: remove RSA and RSAOAEP encryption for Marvin attack

Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
- remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
- src/crypto.js
  - remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
- ext/{rsa,rsa2}.js
  remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class

`v10.9.0`: enhanced support for encrypted PKCS8

Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
- KEYUTIL.getPEM is updated not to use weak ciphers (#599)
  - default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
  - default prf is changed from hmacWithSHA1 to hmacWithSHA256
- src/keyutil.js
  - more encrypted PKCS#8 private key support
    - KEYUTIL.getKey now supports encrypted PKCS#8 private key with
      aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
      psudorandom function.
    - KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM
      priavte key.
- src/crypto.js
  - Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
- src/base64x.js
  - function inttohex and twoscompl are added
- src/asn1.js
  - ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
- src/asn1x509.js
  - aes*-CBC and hmacWithSHA* OIDs are added
- test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
  - update and add some test cases for above
- stop bower support (bower.json removed)

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.


          Update dependency jsrsasign to v11

26a644a

renovate bot force-pushed the renovate/jsrsasign-11.x branch from 680ad32 to 26a644a Compare

February 2, 2024 00:21

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet