[Snyk] Upgrade jsrsasign from 10.9.0 to 11.1.0

[OKEAMAH]

Snyk has created this PR to upgrade jsrsasign from 10.9.0 to 11.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 2 versions ahead of your current version.

• The recommended version was released on 6 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Observable Discrepancy SNYK-JS-JSRSASIGN-6070731	272	Proof of Concept

Release notes

Package name: jsrsasign

• 11.1.0 - 2024-02-01
  
  • Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
    • src/crypto.js
      • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support
• 11.0.0 - 2024-01-16
  
  • Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
    • remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
    • src/crypto.js
      • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
    • ext/{rsa,rsa2}.js
      remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class
• 10.9.0 - 2023-11-27
  
  • Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
    • KEYUTIL.getPEM is updated not to use weak ciphers (#599)
      • default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
      • default prf is changed from hmacWithSHA1 to hmacWithSHA256
    • src/keyutil.js
      • more encrypted PKCS#8 private key support
        • KEYUTIL.getKey now supports encrypted PKCS#8 private key with
          aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
          psudorandom function.
        • KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM
          priavte key.
    • src/crypto.js
      • Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
    • src/base64x.js
      • function inttohex and twoscompl are added
    • src/asn1.js
      • ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
    • src/asn1x509.js
      • aes*-CBC and hmacWithSHA* OIDs are added
    • test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
      • update and add some test cases for above
    • stop bower support (bower.json removed)

from jsrsasign GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@types/[email protected]	None	0	7.8 kB	types
npm/@types/[email protected]	None	0	3.77 kB	types
npm/[email protected]	None	0	1.64 MB	vitaly

🚮 Removed packages: npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎