[Snyk] Upgrade jsrsasign from 10.5.1 to 10.8.6

[manuelfidalgo]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade jsrsasign from 10.5.1 to 10.8.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 36 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2023-04-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Verification of Cryptographic Signature SNYK-JS-JSRSASIGN-2869122	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: jsrsasign

• 10.8.6 - 2023-04-26
  

  X509.getExtSubjectDirectoryAttributes another bugfix

• 10.8.5 - 2023-04-26
  
  • Changes from 10.8.4 to 10.8.5 (2023-Apr-26)
    • src/x509.js
      • bugfix X509.getExtSubjectDirectoryAttributes method
• 10.8.4 - 2023-04-26
  
  • Changes from 10.8.3 to 10.8.4 (2023-Apr-26)
    • src/asn1x509.js
      • SubjectDirectoryAttributes class
        • add array of array support for arbitrary attribute value
    • src/x509.js
      • add X509.getExtSubjectDirectoryAttributes method for
        ExtSubjectDirectoryAttributes extension
      • update X509.getExtParam method
        • support SubjectDirectoryAttributes
        • parse unknown extension as ASN.1
    • src/base64x.js
      • bugfix foldnl function: when length of s is multiple of n,
        result has unnecessary new line in the end of string.
    • qunit-do-{asn1x509,x509-ext,base64x,x500-param}.html
      • update and add some test cases for above
• 10.8.3 - 2023-04-19
  
  • Changes from 10.8.2 to 10.8.3 (2023-Apr-20)
    • src/asn1x509.js
      • Add OIDs for CABR S/MIME BR policy OIDs and GN givenName attribute type
• 10.8.2 - 2023-04-15
  
  • Changes from 10.8.1 to 10.8.2 (2023-Apr-15)
    • ext/rsa.js
      • fix RSAEncryptOAEP for RSA OAEP encryption #582 #583
        In rare cases, it have been generated ciphertext that
        could not be decrpyted.
• 10.8.1 - 2023-04-09
  
  • Changes from 10.8.0 to 10.8.1 (2023-Apr-09)
    • npm/{package.json, lib/footer.js}
• 10.8.0 - 2023-04-08
  
  • Changes from 10.7.0 to 10.8.0 (2023-Apr-8)
    • x509.js
      • X509.getUserNotice supports NoticeReference
      • add asn1ToDisplayText method
    • base64x.js
      • add function msectozulu
      • add aryval for nested JSON value access
    • asn1.js
      • DERInteger refactoring
    • test/qunit-do-{asn1,asn1x509,base64x,x509-ext}.html
      • update and add some test cases for above
• 10.7.0 - 2023-03-12
  
  • Changes from 10.6.1 to 10.7.0 (2023-Mar-12)
    • x509.js
      • add X509.registExtParser(): register custom extension parser
    • base64x.js
      • add utility functions
        • b64topem() Base64 string to PEM
        • pemtob64() PEM to Base64 string
        • foldnl() wrap string to fit in specified width
        • timetogen() align to UTCTime to GeneralizedTime
    • test/qunit-do-{x509-ext,base64x}.html
      • update and add some test cases for above
• 10.6.1 - 2022-11-20
  
  • Changes from 10.6.0 to 10.6.1 (2022-Nov-20)
    • asn1x509.js
      • KJUR.asn1.x509.{PolicyMappings,PolicyConstraints,InhibitAnyPolicy} class added
      • KJUR.asn1.x509.Extension updated to support
        PolicyMappings, PolicyConstraints and InhibitAnyPolicy
    • x509.js
      • X509.getExt{PolicyMappings,PolicyConstraints,InhibitAnyPolicy} method added
      • X509.getCriticalExtV utility method added
      • X509.getExtParam updated to support
        {PolicyMappings,PolicyConstraints,InhibitAnyPolicy}
      • X509.getInfo updated to support
        {PolicyMappings,PolicyConstraints,InhibitAnyPolicy}
    • test/qunit-do-{asn1x509-tbscert,x509-ext,x509-getinfo,x509-param}.html
      • update and add some test cases for above
• 10.6.0 - 2022-11-04
  

  z* Changes from 10.5.27 to 10.6.0 (2022-Nov-04)

  • x509.js
    • X509.getParam
      • add support for optional parameter "dncanon" and "dnhex"
    • X509.getInfo
      • update representation for AltName
    • X509.{getIssuer,getSubect}
      • add support for optional argument flagCanon, flagHex
    • X509.c14RDNArray added to convert from RDN array to canonicalized
      DN name (a.k.a. StringPrep).
    • X509.getX500Name
      • API document updated
    • X509.getOtherName
      • member name changed from "other" to "value" for
        consistency with KJUR.asn1.x509.OtherName class constructor.
      • Also oid member value in return object will be an oid name if defined.
    • X509.setCanonicalizedDN added to set "canon" member value
  • asn1x509.js
    • smtpUTF8Mailbox oid added to OID class
    • API document fix
  • asn1.js
    • DERTaggedObject API document update
  • test/qunit-do-{asn1x509,x509-ext,x509-getinfo,x509-param,x509}.html
    • update some test cases for above
• 10.5.27 - 2022-08-19
• 10.5.26 - 2022-07-14
• 10.5.25 - 2022-06-23
• 10.5.24 - 2022-06-04
• 10.5.23 - 2022-05-27
• 10.5.22 - 2022-05-23
• 10.5.21 - 2022-05-23
• 10.5.20 - 2022-04-25
• 10.5.19 - 2022-04-23
• 10.5.18 - 2022-04-22
• 10.5.17 - 2022-04-14
• 10.5.16 - 2022-04-08
• 10.5.15 - 2022-04-06
• 10.5.14 - 2022-03-28
• 10.5.13 - 2022-03-18
• 10.5.12 - 2022-03-13
• 10.5.11 - 2022-03-12
• 10.5.10 - 2022-03-10
• 10.5.9 - 2022-03-09
• 10.5.8 - 2022-02-24
• 10.5.7 - 2022-02-18
• 10.5.6 - 2022-02-16
• 10.5.5 - 2022-02-16
• 10.5.4 - 2022-02-15
• 10.5.3 - 2022-02-10
• 10.5.2 - 2022-02-08
• 10.5.1 - 2021-12-01

from jsrsasign GitHub release notes

Commit messages

Package name: jsrsasign

• 59920c4 10.8.6 release
• c195be8 10.8.5 release
• 04af7f5 10.8.4 release
• d679050 10.8.3 release
• 97921fb 10.8.2 release
• d332357 Merge pull request chore(deps-dev): bump eslint-plugin-jest from 23.7.0 to 23.8.0 #583 from davedoesdev/master
• 1cfd939 Fix OAEP padding
• 9671f4b 10.8.1 release
• 19608d2 10.8.0 release
• 574e9ad 10.7.0 release
• 8625124 Merge pull request chore(deps): bump aws-sdk from 2.621.0 to 2.622.0 #569 from samueldiethelm/master
• 2cc5305 Fix error loading library in Postman
• f3e32c7 10.6.1 release
• 58e5cdf 10.6.0 release
• c665ebc 10.5.27 release
• 6513aca 10.5.26 release
• 4536a6e CVE-2022-25898 Security fix in JWS and JWT validation
• 3edc007 10.5.24 release
• f6b7916 10.5.23 release
• 2613c64 10.5.22 release
• 4274a59 10.5.21 release
• f11615a ResponderID API doc update
• 5efa282 10.5.20 release
• 041564e 10.5.19 release

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Unit Test Results

1 files  1 suites   3s ⏱️
1 tests 1 ✔️ 0 💤 0 ❌

Results for commit 07f97c1.