Skip to content

Comments

chore(deps): bump jsrsasign from 11.1.0 to 11.1.1#21212

Merged
github-actions[bot] merged 1 commit intomasterfrom
dependabot/npm_and_yarn/jsrsasign-11.1.1
Feb 23, 2026
Merged

chore(deps): bump jsrsasign from 11.1.0 to 11.1.1#21212
github-actions[bot] merged 1 commit intomasterfrom
dependabot/npm_and_yarn/jsrsasign-11.1.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 23, 2026

Bumps jsrsasign from 11.1.0 to 11.1.1.

Changelog

Sourced from jsrsasign's changelog.

ChangeLog for jsrsasign

restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

  • Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
    • src/crypto.js
      • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

remove RSA and RSAOAEP encryption for Marvin attack

  • Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
    • remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
    • src/crypto.js
      • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
    • ext/{rsa,rsa2}.js remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class

enhanced support for encrypted PKCS8

  • Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
    • KEYUTIL.getPEM is updated not to use weak ciphers (#599)
      • default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
      • default prf is changed from hmacWithSHA1 to hmacWithSHA256
    • src/keyutil.js
      • more encrypted PKCS#8 private key support
        • KEYUTIL.getKey now supports encrypted PKCS#8 private key with aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as psudorandom function.
        • KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM priavte key.
    • src/crypto.js
      • Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
    • src/base64x.js
      • function inttohex and twoscompl are added
    • src/asn1.js
      • ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
    • src/asn1x509.js
      • aes*-CBC and hmacWithSHA* OIDs are added
    • test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
      • update and add some test cases for above
    • stop bower support (bower.json removed)

X509.getExtSubjectDirectoryAttributes another bugfix

  • Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
    • src/x509.js
      • another bugfix X509.getExtSubjectDirectoryAttributes method

... (truncated)

Commits
  • e2b136e 11.1.1 release
  • e2e417e Merge pull request #641 from njg7194/add-security-policy
  • 77f1776 Merge pull request #651 from Kr0emer/fix/bug-007-isprobableprime-negative
  • 5ea1c32 Merge pull request #650 from Kr0emer/fix/bug-006-modpow-negative-exponent
  • ee4b013 Merge pull request #647 from Kr0emer/fix/bug-003-dsa-nonce-compareto
  • 37b4c06 Merge pull request #646 from Kr0emer/fix/bug-002-dsa-domain-params-validation
  • d89f0ec fix(crypto): correct compareTo checks in BigInteger RNG helpers
  • 02fa75d fix(jsbn2): reject non-positive values in primality checks
  • f508ddd Merge branch 'master' into fix/bug-002-dsa-domain-params-validation
  • ca5b027 Merge pull request #648 from Kr0emer/fix/bug-004-modinverse-dos
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump jsrsasign from 11.1.0 to 11.1.1
9781f2d 
Bumps [jsrsasign](https://github.com/kjur/jsrsasign) from 11.1.0 to 11.1.1.
- [Release notes](https://github.com/kjur/jsrsasign/releases)
- [Changelog](https://github.com/kjur/jsrsasign/blob/master/ChangeLog.txt)
- [Commits](kjur/jsrsasign@11.1.0...11.1.1)

---
updated-dependencies:
- dependency-name: jsrsasign
  dependency-version: 11.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies This PR involves changes to dependencies label Feb 23, 2026
@github-actions github-actions bot merged commit cb7a972 into master Feb 23, 2026
33 checks passed
@github-actions github-actions bot deleted the dependabot/npm_and_yarn/jsrsasign-11.1.1 branch February 23, 2026 08:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

auto: ready to merge dependencies This PR involves changes to dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants