> The Bouncy Castle Crypto package is a Java implementation of
> cryptographic algorithms. The package is organised so that it
> contains a light-weight API suitable for use in any environment
> (including the J2ME) with the additional infrastructure
> to conform the algorithms to the JCE framework.
>
> 2.0 Release History
>
> 2.1.1 Version
> Release: 1.63
> Date: 2019, September 10th.
>
> 2.1.2 Defects Fixed
>
> - The ASN.1 parser would throw a large object exception for some objects which could be safely parsed. This has been fixed.
> - GOST3412-2015 CTR mode was unusable at the JCE level. This has been fixed.
> - The DSTU MACs were failing to reset fully on doFinal(). This has been fixed.
> - The DSTU MACs would throw an exception if the key was a multiple of the size as the MAC's underlying buffer size. This has been fixed.
> - EdEC and QTESLA were not previously usable with the post Java 9 module structure. This is now fixed.
> - ECNR was not correctly bounds checking the input and could produce invalid signatures. This is now fixed.
> - ASN.1: Enforce no leading zeroes in OID branches (longer than 1 character).
> - TLS: Fix X448 support in JcaTlsCrypto.
> - Fixed field reduction for secp128r1 custom curve.
> - Fixed unsigned multiplications in X448 field squaring.
> - Some issues over subset Name Constraint validation in the CertPath analyser have now been fixed.
> - TimeStampResponse.getEncoded() could throw an exception if the TimeStampToken was null. This has been fixed.
> - Unnecessary memory usage in the ARGON2 implementation has been removed.
> - Param-Z in the GOST-28147 algorithm was not resolving correctly. This has been fixed.
> - It is now possible to specify different S-Box parameters for the GOST 28147-89 MAC.
>
> 2.1.3 Additional Features and Functionality
>
> - QTESLA is now updated with the round 2 changes. Note: the security categories, and in some cases key generation and signatures, have changed. For people interested in comparison, the round 1 version is now moved to org.bouncycastle.pqc.crypto.qteslarnd1 - this package will be deleted in 1.64. Please keep in mind that QTESLA may continue to evolve.
> - Support has been added for generating Ed25519/Ed448 signed certificates.
> ... (truncated)
Commits
- See full diff in [compare view](https://github.com/bcgit/bc-java/commits)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps bcpkix-jdk15on from 1.62 to 1.63.
Changelog
*Sourced from [bcpkix-jdk15on's changelog](https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html).*
> Bouncy Castle Crypto Package - Release Notes