A platform, a protocol suite, and a set of tools, to enable interoperation for data sharing and asset movements between independent networks built on heterogeneous blockchain, or more generally, distributed ledger, technologies, in a manner that preserves the core blockchain tenets of decentralization and security.
Apache License 2.0
55
stars
45
forks
source link
build(deps): Bump the npm_and_yarn group across 3 directories with 3 updates #465
Bumps the npm_and_yarn group with 1 update in the /common/policy-dsl directory: tough-cookie.
Bumps the npm_and_yarn group with 1 update in the /samples/fabric/fabric-cli directory: pkg.
Bumps the npm_and_yarn group with 1 update in the /sdks/fabric/interoperation-node-sdk directory: jsrsasign.
Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.
Support more language features, including but not limited to classPrivateMethods (#1248, #1249)
Note: pkg uses Babel to trace dependencies. It does NOT transform your sources. You should make sure that your code can run on the target Node.js version.
No longer take NODE_OPTIONS from the environment of the end-user. Only the users (developers who use pkg to package their project) should have control over the flags via the "bake in" (--options) mechanism (Fixes: vercel/pkg#954, vercel/pkg#989, vercel/pkg#1194, vercel/pkg#1517)
Patched Node: bump to 16.15.0, add 18.1.0 and drop 17
fix broken tests on node 12; latest pnpm requires node >= 14.19 by @kldzj in vercel/pkg#1613
restore KJUR.crypto.Cipher class without RSA/RSAOAEP support
Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
src/crypto.js
restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support
remove RSA and RSAOAEP encryption for Marvin attack
Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
src/crypto.js
remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
ext/{rsa,rsa2}.js
remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class
enhanced support for encrypted PKCS8
Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
KEYUTIL.getPEM is updated not to use weak ciphers (#599)
default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
default prf is changed from hmacWithSHA1 to hmacWithSHA256
src/keyutil.js
more encrypted PKCS#8 private key support
KEYUTIL.getKey now supports encrypted PKCS#8 private key with
aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
psudorandom function.
KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM
priavte key.
src/crypto.js
Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
src/base64x.js
function inttohex and twoscompl are added
src/asn1.js
ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperledger-labs/weaver-dlt-interoperability/network/alerts).
Bumps the npm_and_yarn group with 1 update in the /common/policy-dsl directory: tough-cookie. Bumps the npm_and_yarn group with 1 update in the /samples/fabric/fabric-cli directory: pkg. Bumps the npm_and_yarn group with 1 update in the /sdks/fabric/interoperation-node-sdk directory: jsrsasign.
Updates
tough-cookiefrom 4.0.0 to 4.1.4Release notes
Sourced from tough-cookie's releases.
... (truncated)
Commits
cacbc37Bump version to 4.1.4a48fb3aAdd tests for url validation50e69bfMerge pull request #261 from postmanlabs/fix/url-string-validation1253d58Merge pull request #409 from corvidism/validators-to-string238367eAdd local alias fortoString4ff4d294.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)12d4747Prevent prototype pollution in cookie memstore (#283)f06b72dFix documentation for store.findCookies, missing allowSpecialUseDomain proper...cf6debdFix incorrect string validation for URLb1a8898fix: allow set cookies with localhost (#253)Maintainer changes
This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.
Updates
pkgfrom 4.5.1 to 5.8.1Release notes
Sourced from pkg's releases.
... (truncated)
Commits
5dc987b5.8.1f19285dfix: add force flag to codesign to avoid already signed error (#1756)e3ac490chore: bump prebuild-install@7.1.1 (#1788)be1123cstyle: fix typo in test-99-#1192/main.js (#1790)614c02achore: upgrade actions runners (#1767)39e9985chore: remove unused entry (#1766)b8deba4chore: use@types/babel__generatorpackage (#1755)332c7d9chore: separate individual test scripts (#1759)6efa7cfchore: add prettier check in linting step (#1764)56135b5chore: clean up obsolete eslint disable comments (#1760)Updates
jsrsasignfrom 10.9.0 to 11.1.0Release notes
Sourced from jsrsasign's releases.
Changelog
Sourced from jsrsasign's changelog.
... (truncated)
Commits
58bb24111.1.0 release726c216update readme3f1def8update readmed73befc11.0.0 release32f73afupdate jsdocDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show