From 9250e88df62d05929a60d6a6690b2a1271464336 Mon Sep 17 00:00:00 2001
From: "Pawla Abdul (Bot)"
Date: Sat, 11 Apr 2026 17:10:06 +0000
Subject: [PATCH] fix: update node-forge to 1.4.0 to patch security vulnerabilities

Resolves 4 high-severity vulnerabilities in node-forge:
- GHSA-2328-f5f3-gj25: basicConstraints bypass
- GHSA-q67f-28xg-22rw: signature forgery Ed25519
- GHSA-5m6q-g25r-mvwx: Denial of Service via Infinite Loop
- GHSA-ppp5-5v6c-4jwp: signature forgery RSA-PKCS
Fixes PRI-21
---
 package.json | 2 +-
 pnpm-lock.yaml | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/package.json b/package.json
index b0ccb70..9ab025a 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
 "undici": "^7.24.3"
 },
 "dependencies": {
- "node-forge": "^1.3.1"
+ "node-forge": "^1.4.0"
 },
 "devDependencies": {
 "@headlamp-k8s/eslint-config": "^0.6.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 1ccf8d8..c5e7f3e 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -9,8 +9,8 @@ importers: .: dependencies: node-forge: - specifier: ^1.3.1 - version: 1.3.3 + specifier: ^1.4.0 + version: 1.4.0 devDependencies: '@headlamp-k8s/eslint-config': specifier: ^0.6.0
@@ -3851,8 +3851,8 @@ packages: resolution: {integrity: sha512-pyFS63ptit/P5WqUkt+UUfe+4oevH+bFeIiPPdfb0pFeYEu/1ELnJu5l+5EcTKYL5M7zaAa7S8ddywgXypqKCw==} engines: {node: '>= 0.4'} - node-forge@1.3.3: - resolution: {integrity: sha512-rLvcdSyRCyouf6jcOIPe/BgwG/d7hKjzMKOas33/pHEr6gbq18IK9zV7DiPvzsz0oBJPme6qr6H6kGZuI9/DZg==} + node-forge@1.4.0: + resolution: {integrity: sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ==} engines: {node: '>= 6.13.0'} node-releases@2.0.36:
@@ -9913,7 +9913,7 @@ snapshots: object.entries: 1.1.9 semver: 6.3.1 - node-forge@1.3.3: {} + node-forge@1.4.0: {} node-releases@2.0.36: {}
--
2.52.0