Closed snyk-bot closed 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 5.6
SNYK-JS-NODEFORGE-2430337
Why? Recently disclosed, Has a fix available, CVSS 7.3
SNYK-JS-NODEFORGE-2430339
Why? Recently disclosed, Has a fix available, CVSS 5.6
SNYK-JS-NODEFORGE-2430341
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: node-forge
The new version differs by 80 commits.- 6c5b901 Release 1.3.0.
- 0f3972a Update changelog.
- dc77b39 Fix error checking.
- bb822c0 Add advisory links.
- d4395fe Update changelog.
- a4405bb Improve signature verification tests.
- aa9372d Add missing RFC 8017 algorithm identifiers.
- 3f0b49a Fix signature verification issues.
- c20f309 Adjust remaining length.
- e27f612 Remove unused option.
- 2b1f368 Add fallback to pretty print invalid UTF8 data.
- 7928551 Start 1.2.2-0.
- 2162bfc Release 1.2.1.
- 43a456e Update changelog.
- 2f3820a Refactor logging to avoid use of URLSearchParams.
- 50a20ec Load entire module while testing.
- 1545316 Start 1.2.1-0.
- 866ed40 Release 1.2.0.
- a9f013a Update changelog.
- f8e498a Fix typos.
- 9d8b0ee Add verification helper.
- 2fb9995 Add helper to create signature digest.
- 03d3ed7 Added alternate OID 1.3.14.3.2.29 for sha1 with RSA
- 874cef8 Update changelog.
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Learn about vulnerability in an interactive lesson of Snyk Learn.