Bump jsrsasign from 10.5.27 to 10.6.0

[dependabot[bot]]

Bumps jsrsasign from 10.5.27 to 10.6.0.

Changelog

Sourced from jsrsasign's changelog.

ChangeLog for jsrsasign

StringPrep DN canonicalization support and some fix

• Changes from 10.5.27 to 10.6.0 (2022-Nov-04)
  • x509.js
    • X509.getParam
      • add support for optional parameter "dncanon" and "dnhex"
    • X509.getInfo
      • update representation for AltName
    • X509.{getIssuer,getSubect}
      • add support for optional argument flagCanon, flagHex
    • X509.c14RDNArray added to convert from RDN array to canonicalized DN name (a.k.a. StringPrep).
    • X509.getX500Name
      • API document updated
    • X509.getOtherName
      • member name changed from "other" to "value" for consistency with KJUR.asn1.x509.OtherName class constructor.
      • Also oid member value in return object will be an oid name if defined.
    • X509.setCanonicalizedDN added to set "canon" member value
  • asn1x509.js
    • smtpUTF8Mailbox oid added to OID class
    • API document fix
  • asn1.js
    • DERTaggedObject API document update
  • test/qunit-do-{asn1x509,x509-ext,x509-getinfo,x509-param,x509}.html
    • update some test cases for above

CSRUtil class enhancement

• Changes from 10.5.25 to 10.5.26 (2022-Jul-14)
  • src/asn1csr.js
    • CSRUtil.verifySignature method added
    • CSRUtil.getParam enhanced to support optional argument flagTBS
  • test/qunit-do-asn1csr.html
    • update some test cases for above

CVE-2022-25898 Security fix in JWS and JWT validation

• Changes from 10.5.24 to 10.5.25 (2022-Jun-23)
  • src/jws.js
    • JWS.verify and JWS.verifyJWT
      • CVE-2022-25898 SECURITY FIX: verify and verifyJWT may accept signature with special characters or \number characters by mistake. Please see security advisory: https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf
  • src/base64x.js
    • function isBase64URLDot added
  • test/qunit-do-jwt-veri.html

... (truncated)

Commits

• 58e5cdf 10.6.0 release
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @unknownskl.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)