TritonDataCenter#123 Need to update jsprim due to vulnerability in js…

…on-schema (TritonDataCenter#125) (#5)

Reviewed by: BruceHaley <[email protected]>
Reviewed by: Dan McDonald <[email protected]>

Co-authored-by: Brian Bennett <[email protected]>

CHANGES.md

@@ -6,88 +6,88 @@
 
 ## 1.3.6
 
- - Remove leading newline from signing string (#2)
- - Add colon after (request-target) in docs (joyent#120)
+* Remove leading newline from signing string (#2)
+* Add colon after (request-target) in docs (joyent#120)
 
 ## 1.3.5
 
- - Add keyPassphrase option to signer (#115)
- - Add support for created and expires values (#110)
+* Add keyPassphrase option to signer (#115)
+* Add support for created and expires values (#110)
 
 ## 1.3.4
 
-- Fix breakage in v1.3.3 with the setting of the "algorithm" field in the
+* Fix breakage in v1.3.3 with the setting of the "algorithm" field in the
  Authorization header (#102)
 
 ## 1.3.3
 
 **Bad release. Use 1.3.4.**
 
- - Add support for an opaque param in the Authorization header (#101)
- - Add support for adding the keyId and algorithm params into the signing string (#100)
+* Add support for an opaque param in the Authorization header (#101)
+* Add support for adding the keyId and algorithm params into the signing string (#100)
 
 ## 1.3.2
 
-- Allow Buffers to be used for verifyHMAC (#98)
+* Allow Buffers to be used for verifyHMAC (#98)
 
 ## 1.3.1
 
-- Fix node 0.10 usage (#90)
+* Fix node 0.10 usage (#90)
 
 ## 1.3.0
 
 **Known issue:** This release broken http-signature with node 0.10.
 
-- Bump dependency `sshpk`
-- Add `Signature` header support (#83)
+* Bump dependency `sshpk`
+* Add `Signature` header support (#83)
 
 ## 1.2.0
 
-- Bump dependency `assert-plus`
-- Add ability to pass a custom header name
-- Replaced dependency `node-uuid` with `uuid`
+* Bump dependency `assert-plus`
+* Add ability to pass a custom header name
+* Replaced dependency `node-uuid` with `uuid`
 
 ## 1.1.1
 
-- Version of dependency `assert-plus` updated: old version was missing
+* Version of dependency `assert-plus` updated: old version was missing
  some license information
-- Corrected examples in `http_signing.md`, added auto-tests to
+* Corrected examples in `http_signing.md`, added auto-tests to
  automatically validate these examples
 
 ## 1.1.0
 
-- Bump version of `sshpk` dependency, remove peerDependency on it since
+* Bump version of `sshpk` dependency, remove peerDependency on it since
  it now supports exchanging objects between multiple versions of itself
  where possible
 
 ## 1.0.2
 
-- Bump min version of `jsprim` dependency, to include fixes for using
+* Bump min version of `jsprim` dependency, to include fixes for using
  http-signature with `browserify`
 
 ## 1.0.1
 
-- Bump minimum version of `sshpk` dependency, to include fixes for
+* Bump minimum version of `sshpk` dependency, to include fixes for
  whitespace tolerance in key parsing.
 
 ## 1.0.0
 
-- First semver release.
-- #36: Ensure verifySignature does not leak useful timing information
-- #42: Bring the library up to the latest version of the spec (including the
+* First semver release.
+* #36: Ensure verifySignature does not leak useful timing information
+* #42: Bring the library up to the latest version of the spec (including the
  request-target changes)
-- Support for ECDSA keys and signatures.
-- Now uses `sshpk` for key parsing, validation and conversion.
-- Fixes for #21, #47, #39 and compatibility with node 0.8
+* Support for ECDSA keys and signatures.
+* Now uses `sshpk` for key parsing, validation and conversion.
+* Fixes for #21, #47, #39 and compatibility with node 0.8
 
 ## 0.11.0
 
-- Split up HMAC and Signature verification to avoid vulnerabilities where a
+* Split up HMAC and Signature verification to avoid vulnerabilities where a
  key intended for use with one can be validated against the other method
  instead.
 
 ## 0.10.2
 
-- Updated versions of most dependencies.
-- Utility functions exported for PEM => SSH-RSA conversion.
-- Improvements to tests and examples.
+* Updated versions of most dependencies.
+* Utility functions exported for PEM => SSH-RSA conversion.
+* Improvements to tests and examples.

Jenkinsfile

@@ -1,4 +1,4 @@
-@Library('[email protected].2') _
+@Library('[email protected].8') _
 
 pipeline {
 
@@ -80,7 +80,7 @@ pipeline {
 
  post {
  always {
- joyMattermostNotification()
+ joySlackNotifications()
  }
  }
 }

package.json

@@ -31,7 +31,7 @@
  },
  "dependencies": {
  "assert-plus": "^1.0.0",
- "jsprim": "^1.2.2",
+ "jsprim": "^2.0.2",
  "sshpk": "^1.14.1"
  },
  "devDependencies": {