search

cloudflare / cfssl

CFSSL: Cloudflare's PKI and TLS toolkit
https://cfssl.org/
BSD 2-Clause "Simplified" License
8.56k stars 1.09k forks source link

build(deps): bump github.com/zmap/zlint/v3 from 3.5.0 to 3.6.2 #1374

Open dependabot[bot] opened 2 months ago

dependabot[bot] commented 2 months ago

Bumps github.com/zmap/zlint/v3 from 3.5.0 to 3.6.2.

Release notes

Sourced from github.com/zmap/zlint/v3's releases.

v3.6.2

ZLint v3.6.2

The ZMap team is happy to share ZLint v3.6.2.

Thank you to everyone who contributes to ZLint!

Bug Fixes

  • Corrected an issue in e_single_email_if_present wherein only the SAN was checked for email addresses and the subject domain name was not.
  • Limited the checking of common names in the SAN for e_mailbox_address_shall_contain_an_rfc822_name
  • Added an ineffective date to e_dsa_correct_order_in_subgroup, e_dsa_shorter_than_2048_bits, and e_dsa_unique_correct_representation.

New Lints

  • e_eku_critical, BRs: 7.1.2.7.6, Subscriber Certificate extkeyUsage extension MUST NOT be marked critical
  • e_crlissuer_must_not_be_present_in_cdp, BRs: 7.1.2.11.2, crlIssuer and/or Reason field MUST NOT be present in the CDP extension.
  • e_legal_entity_identifier, S/MIME BRs: 7.1.2.3.l, Mailbox/individual: prohibited. Organization/sponsor: may be present
  • e_commonname_mailbox_validated, S/MIME BRs: 7.1.4.2.2a, If present, the commonName attribute of a mailbox-validated certificate SHALL contain a mailbox address
  • e_subject_country_name, S/MIME BRs: 7.1.4.2.2n, If present, the subject:countryName SHALL contain the two‐letter ISO 3166‐1 country code associated with the location of the Subject
  • e_cab_dv_subject_invalid_values, BRs: 7.1.2.7.2, If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN.
  • e_invalid_subject_rdn_order, BRs: 7.1.4.2, Subject field attributes (RDNs) SHALL be encoded in a specific order
  • e_subscribers_crl_distribution_points_are_http, S/MIME BRs: 7.1.2.3.b, cRLDistributionPoints SHALL have URI scheme HTTP.
  • e_smime_qc_statements_must_not_be_critical, S/MIME BRs: 7.1.2.3.k, This extension MAY be present and SHALL NOT be marked critical.
  • e_mailbox_address_shall_contain_an_rfc822_name, S/MIME BRs: 7.1.4.2.1, All Mailbox Addresses in the subject field or entries of type dirName of this extension SHALL be repeated as rfc822Name or otherName values of type id-on-SmtpUTF8Mailbox in this extension
  • e_authority_key_identifier_correct, S/MIME BRs: 7.1.2.3.g, authorityKeyIdentifier SHALL be present. This extension SHALL NOT be marked critical. The keyIdentifier field SHALL be present. authorityCertIssuer and authorityCertSerialNumber fields SHALL NOT be present.
  • e_strict_multipurpose_smime_ext_subject_directory_attr, S/MIME BRs: 7.1.2.3j, SMIME Strict and Multipurpose certificates cannot have Subject Directory Attribute
  • w_ext_subject_key_identifier_not_recommended_subscriber, BRs v2: 7.1.2.7.6, Subcriber certificates use of Subject Key Identifier is NOT RECOMMENDED

Changelog

  • ae3b1f3 Correct test descriptions (#829)
  • 308a138 Limit scope for cn checking in SAN (#825)
  • 2980c72 Add ineffective date to DSA lints. (#827)
  • f9496fa Use help Method beforeoron instead of (#717)
  • 9291729 util: gtld_map autopull updates for 2024-03-27T22:19:31 UTC (#817)
  • e99e725 feat: Test EKU Criticality (#816)
  • 38cfd72 cRLIssuer MUST NOT be present (#814)
  • 990a074 Add lints for S/MIME BR 7.1.2.3l (#805)
  • 32bba7a Update single email if present (#808)
  • e33bae9 Update single email subject if present (#802)
  • 7c899ea Add lint for BR 7.1.4.2.2a mailbox-validated (#806)
  • e6650eb Add lints for S/MIME BR 7.1.4.2.2n country name (#807)
  • 8d2c579 Lint for 7.1.2.7.2 BR (#810)
  • e76cc77 Add lint for checking that Subject attributes (RDNs) appear in the order prescribed by CABF BR 7.1.4.2 (#813)
  • a063d31 Add lints for S/MIME BR 7.1.2.3.b (#779)
  • a72ff4e util: gtld_map autopull updates for 2024-03-09T18:19:57 UTC (#811)
  • 5501be1 Mailbox addresses from san for all br (#809)
  • 9c67bdb Fix typo (#804)
  • 83b5f8d Add lint for S/MIME BR 7.1.2.3 (k) (#799)
  • b9ff71f Add lint to enforce SMIME BRs: 7.1.4.2.1 requirement for mailbox addr… (#800)
  • a23de3d util: gtld_map autopull updates for 2024-02-20T21:17:08 UTC (#794)
  • bf84ed8 Add test case for smime ext subject directory attr (#801)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)