Skip to content

chore(deps): update dependency selfsigned to v5 #601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency selfsigned to v5 #601

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 1, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
selfsigned ^3.0.0 -> ^5.0.0 age confidence

Release Notes

jfromaniello/selfsigned (selfsigned)

v5.2.0

Compare Source

v5.1.0

Compare Source

v5.0.0

Compare Source

🚀 Major Rewrite

Complete rewrite replacing node-forge with modern @peculiar/x509 and pkijs libraries.

✨ Added
  • Native WebCrypto API support for better performance and security
  • TypeScript examples in documentation
  • Async/await support as the primary API
  • Support for keyPair option to use existing keys
  • Updated to use Node.js native crypto for all operations
  • Separate selfsigned/pkcs7 module for tree-shakeable PKCS#7 support
💥 BREAKING CHANGES

  1. Async-only API: The generate() function now returns a Promise. Synchronous generation has been removed.

    // Old (v4.x)
const pems = selfsigned.generate(attrs, options);

// New (v5.x)
const pems = await selfsigned.generate(attrs, options);

  2. No callback support: Callbacks have been completely removed in favor of Promises.

    // Old (v4.x)
selfsigned.generate(attrs, options, function(err, pems) { ... });

// New (v5.x)
const pems = await selfsigned.generate(attrs, options);

  3. Minimum Node.js version: Now requires Node.js >= 15.6.0 (was >= 10)

    • Required for native WebCrypto support

  4. Dependencies changed:

    • ❌ Removed: node-forge (1.64 MB)
    • ✅ Added: @peculiar/x509 (551 KB) - 66% smaller!
    • ✅ Added: pkijs (1.94 MB, only for PKCS#7 support)
    • Bundle size reduced by 66% when not using PKCS#7

  5. PKCS#7 API changed:

    • Old: const pems = await generate(attrs, { pkcs7: true }); pems.pkcs7
    • New: const { createPkcs7 } = require('selfsigned/pkcs7'); const pkcs7 = createPkcs7(pems.cert);
    • PKCS#7 is now a separate module for better tree-shaking
🔧 Changed
  • Default key size remains 2048 bits (was incorrectly documented as 1024)
  • PEM output uses \n line endings (was \r\n)
  • Private keys now use PKCS#8 format (BEGIN PRIVATE KEY instead of BEGIN RSA PRIVATE KEY)
  • Certificate generation is now fully async using native WebCrypto
  • PKCS#7 is now tree-shakeable: Moved to separate selfsigned/pkcs7 module so bundlers can exclude it when not used
🐛 Fixed
  • Default key size documentation corrected from 1024 to 2048 bits
  • Improved error handling for certificate generation failures
📦 Dependencies

Removed:

  • node-forge@^1.3.1
  • @types/node-forge@^1.3.0

Added:

  • @peculiar/x509@​^1.14.2 (required)
  • pkijs@^3.3.3 (required, but tree-shakeable via separate selfsigned/pkcs7 module)
🔒 Security
  • Now uses Node.js native WebCrypto API instead of JavaScript implementation
  • Better integration with platform security features
  • More secure random number generation
📚 Documentation
  • Complete README rewrite with async/await examples
  • Added migration guide from v4.x to v5.x
  • Updated all code examples to use async/await
  • Added requirements section highlighting Node.js version requirement

v4.0.1

Compare Source

v4.0.0

Compare Source

See git history for changes in 4.x and earlier versions.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@coderabbitai
Copy link

coderabbitai bot commented Dec 1, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@pkg-pr-new
Copy link

pkg-pr-new bot commented Dec 1, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/node-modules/urllib@601

commit: a9b1a4d

@socket-security
Copy link

socket-security bot commented Dec 1, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedselfsigned@​3.0.1 ⏵ 5.2.0100100100 +692 -1100

View full report

@renovate renovate bot force-pushed the renovate/selfsigned-5.x branch 10 times, most recently from 2a53b69 to 65967dd Compare December 11, 2025 12:34
@renovate renovate bot force-pushed the renovate/selfsigned-5.x branch from 65967dd to a9b1a4d Compare December 11, 2025 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant