chore: bump jsrsasign from 11.1.0 to 11.1.1 #7926

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/main/jsrsasign-11.1.1

dependabot bot commented on behalf of github Feb 22, 2026

Bumps jsrsasign from 11.1.0 to 11.1.1.

Changelog

Sourced from jsrsasign's changelog.

ChangeLog for jsrsasign

restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

  • Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
    • src/crypto.js
      • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

remove RSA and RSAOAEP encryption for Marvin attack

  • Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
    • remove RSA PKCS#1.5 and OAEP encryption/decryption for Marvin attack (#598)
    • src/crypto.js
      • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
    • ext/{rsa,rsa2}.js remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class

enhanced support for encrypted PKCS8

  • Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
    • KEYUTIL.getPEM is updated not to use weak ciphers (#599)
      • default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
      • default prf is changed from hmacWithSHA1 to hmacWithSHA256
    • src/keyutil.js
      • more encrypted PKCS#8 private key support
        • KEYUTIL.getKey now supports encrypted PKCS#8 private key with aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as pseudorandom function.
        • KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM private key.
    • src/crypto.js
      • Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
    • src/base64x.js
      • function inttohex and twoscompl are added
    • src/asn1.js
      • ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
    • src/asn1x509.js
      • aes*-CBC and hmacWithSHA* OIDs are added
    • test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
      • update and add some test cases for above
    • stop bower support (bower.json removed)

X509.getExtSubjectDirectoryAttributes another bugfix

  • Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
    • src/x509.js
      • another bugfix X509.getExtSubjectDirectoryAttributes method

... (truncated)

Commits
  • e2b136e 11.1.1 release
  • e2e417e Merge pull request #641 from njg7194/add-security-policy
  • 77f1776 Merge pull request #651 from Kr0emer/fix/bug-007-isprobableprime-negative
  • 5ea1c32 Merge pull request #650 from Kr0emer/fix/bug-006-modpow-negative-exponent
  • ee4b013 Merge pull request #647 from Kr0emer/fix/bug-003-dsa-nonce-compareto
  • 37b4c06 Merge pull request #646 from Kr0emer/fix/bug-002-dsa-domain-params-validation
  • d89f0ec fix(crypto): correct compareTo checks in BigInteger RNG helpers
  • 02fa75d fix(jsbn2): reject non-positive values in primality checks
  • f508ddd Merge branch 'master' into fix/bug-002-dsa-domain-params-validation
  • ca5b027 Merge pull request #648 from Kr0emer/fix/bug-004-modinverse-dos
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jsrsasign](https://github.com/kjur/jsrsasign) from 11.1.0 to 11.1.1.
- [Release notes](https://github.com/kjur/jsrsasign/releases)
- [Changelog](https://github.com/kjur/jsrsasign/blob/master/ChangeLog.txt)
- [Commits](kjur/jsrsasign@11.1.0...11.1.1)

---
updated-dependencies:
- dependency-name: jsrsasign
  dependency-version: 11.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies and javascript labels Feb 22, 2026

otto-the-bot left a comment

@dependabot merge


dependabot bot commented on behalf of github Feb 22, 2026

Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.
