build(deps): bump pkijs from 2.4.0 to 3.4.0 #4833
dependabot[bot] wants to merge 1 commit into next
This pull request is automatically being deployed by Amplify Hosting (learn more).
ce2cc7b to c8f3215
Bumps [pkijs](https://github.com/PeculiarVentures/PKI.js) from 2.4.0 to 3.4.0.
- [Release notes](https://github.com/PeculiarVentures/PKI.js/releases)
- [Commits](PeculiarVentures/PKI.js@v2.4.0...v3.4.0)

---
updated-dependencies:
- dependency-name: pkijs
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
c8f3215 to 6341f0a
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6341f0aa3f
| "node-kms": "^0.4.1", | ||
| "node-scr": "^0.3.0", | ||
| "pkijs": "^2.1.84", | ||
| "pkijs": "^3.4.0", |
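Review bot: the changed pkijs line moves the caret range from ^2.1.84 to ^3.4.0, which crosses a major version for a direct production dependency, yet nothing else in this dependency list changes with it. Before merging, confirm that every call site handing parsed ASN.1 structures to PKI.js has been checked against the 3.x API, move any ASN.1 parser dependency in the same commit if it has to change in lockstep, and include the regenerated lockfile so the resolved version is reviewable.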
Keep PKI.js and ASN.1 parser versions compatible
This major bump to PKI.js 3.x is incompatible with the package’s current certificate parsing path: kms-certificate-validation.js still parses certs with asn1js 2.x (fromBER) and feeds that schema into PKI.js objects, but PKI.js 3 extension parsing/validation paths rely on v3 ASN.1 blocks (e.g., valueHexView) when extension.parsedValue is accessed (such as SAN checks and chain verification). In practice, valid KMS JWTs can fail validation at runtime after this upgrade unless asn1js usage is migrated in lockstep.
Dependabot can't resolve your JavaScript dependency files. Because of this, Dependabot cannot update this pull request.
Bumps pkijs from 2.4.0 to 3.4.0.
Release notes
Sourced from pkijs's releases.
... (truncated)
Commits
- 1e134fc 3.4.0
- 5b0702d Merge pull request #465 from PeculiarVentures/rsa-pss-spki-fix
- a70684e Add test for import capability of SPKI with rsaPSS alg identifier
- 6dd7425 Recognise id-RSASSA-PSS (1.2.840.113549.1.1.10) in PublicKeyInfo as an RSA fa...
- 0187b82 Allow id-RSASSA-PSS (1.2.840.113549.1.1.10) in CryptoEngine importKey for RSA...
- 1bb60c2 chore(website): update package-lock.json with dependency version upgrades and...
- 82ece66 Merge pull request #457 from PeculiarVentures/donskov/website-deps-path-9/12
- 2ed345d deps(website): fix npm audit issues
- c9fd2bc 3.3.3
- e2c1a40 Merge pull request #455 from nrtmr1211:fix/ocsp-request-explicit-extensions