profile
viewpoint
Matthias Winzeler MatthiasWinzeler Bern, Switzerland

swisscom/appcloud-cf-cli-plugin 2

The official cf CLI plugin for the Swisscom Application Cloud

MatthiasWinzeler/bfh-os2-toolchain 1

Sample app to be managed using a toolchain for a school project

MatthiasWinzeler/axlsx 0

xlsx generation with charts, images, automated column width, customizable styles and full schema validation. Axlsx excels at helping you generate beautiful Office Open XML Spreadsheet documents without having to understand the entire ECMA specification. Check out the README for some examples of how easy it is. Best of all, you can validate your xlsx file before serialization so you know for sure that anything generated is going to load on your client's machine.

MatthiasWinzeler/bosh 0

Cloud Foundry BOSH is an open source tool chain for release engineering, deployment and lifecycle management of large scale distributed services.

MatthiasWinzeler/bosh-deployment 0

Collection of BOSH manifests referenced by cloudfoundry/docs-bosh

MatthiasWinzeler/bosh-notes 0

Collection of proposals/ideas for BOSH

MatthiasWinzeler/bosh-workspace 0

Gem for managing your bosh workspace

MatthiasWinzeler/cf-java-client 0

Cloud Foundry - the open platform as a service project

MatthiasWinzeler/cf-kibana-proxy 0

Kibana proxy app to make your Kibana Dashboard publicly available.

MatthiasWinzeler/cf-rabbitmq-release 0

A BOSH Release of RabbitMQ for Cloud Foundry

push eventswisscom/docs-appcloud-devguide

renelehmann

commit sha 2e01b656b6b94771c9f3756073944859c0a70596

correcting faq link to news

view details

push time in 7 days

push eventswisscom/docs-appcloud-devguide

renelehmann

commit sha aafae028452ca4f2154c71790d4df943a677374c

Update formating for 2.18.x

view details

push time in 7 days

push eventswisscom/docs-appcloud-devguide

renelehmann

commit sha b4f7de6b385e8b050b73ee0e18e9037a17c45ded

Update release notes 2.18.x

view details

push time in 10 days

push eventswisscom/docs-appcloud-service-offerings

Fabio Berchtold

commit sha 8ec9d8f78a5c1085c02a36bbdecd375659f78369

clarify secrets-store usage

view details

push time in a month

push eventswisscom/docs-appcloud-devguide

renelehmann

commit sha d4843f8a3dd99f726763ecef26895e5298853d6d

Adjust formating

view details

push time in a month

push eventswisscom/docs-appcloud-devguide

renelehmann

commit sha 67019317915340378a4a91fd6db9f1450053cd18

adjust formatting, new lines

view details

push time in a month

push eventswisscom/docs-appcloud-devguide

renelehmann

commit sha a1d8a59a4a16d16e6d8a02375091624162ccaa22

Add info rate limit on cc API (2.17.x)

view details

push time in a month

issue openedswisscom/ai-research-keyphrase-extraction

Can we utilize GPU to extract keyphrase?

Hello, I'm trying to use GPU to extract keyphrase.

I tried this:

with tf.device('/device:GPU:2'):
kp1 = launch.extract_keyphrases(embedding_distributor, pos_tagger, raw_text, 10, 'en')  #extract 10 keyphrases

But it shows that "Make sure the device specification refers to a valid device. [[init]] "

created time in a month

push eventswisscom/docs-appcloud-devguide

renelehmann

commit sha abe31e455cedabad5eacf0c794f52c441281cf3b

Update release notes for cloudfoundry 2.17.x

view details

push time in a month

created tagswisscom/open-service-broker

tagv6.21.8

Open Service Broker is an implementation of the "Open Service Broker API" based on Spring Boot & Groovy. It enables platforms such as Cloud Foundry & Kubernetes to provision and manage services.

created time in a month

push eventswisscom/open-service-broker

ampersand8

commit sha 7abc3119048695dc6b725e6c0cf7a15de2f0cc7c

bug: RestTemplateBuilder With Auth Thread Unsafe Using RestTemplateBuilder `withBearerAuthentication` or `withBasicAuthentication` can lead to `ConcurrentModificationException` due to the modification of the interceptors. Using `@Synchronized` resolves this issue.

view details

ampersand8

commit sha f95dbc20f129328d29023af23b9b74a46a851217

Merge pull request #369 from swisscom/bug/resttemplate_auth_thread_unsafe bug: RestTemplateBuilder With Auth Thread Unsafe

view details

push time in a month

PR merged swisscom/open-service-broker

bug: RestTemplateBuilder With Auth Thread Unsafe

Using RestTemplateBuilder withBearerAuthentication or withBasicAuthentication can lead to ConcurrentModificationException due to the modification of the interceptors. Using @Synchronized resolves this issue.

+90 -0

0 comment

2 changed files

ampersand8

pr closed time in a month

PR opened swisscom/open-service-broker

bug: RestTemplateBuilder With Auth Thread Unsafe

Using RestTemplateBuilder withBearerAuthentication or withBasicAuthentication can lead to ConcurrentModificationException due to the modification of the interceptors. Using @Synchronized resolves this issue.

+90 -0

0 comment

2 changed files

pr created time in a month

PR opened swisscom/sample-uaa-angular-client

Bump webpack-subresource-integrity from 1.1.0-rc.4 to 1.5.1

Bumps webpack-subresource-integrity from 1.1.0-rc.4 to 1.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/waysact/webpack-subresource-integrity/releases">webpack-subresource-integrity's releases</a>.</em></p> <blockquote> <h2>v1.5.1</h2> <ul> <li>Fix a security issue where dynamically loaded chunks were not protected from tampering. This issue was introduced in v1.5.0. (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/131">#131</a>)</li> </ul> <h2>v1.5.0</h2> <ul> <li>Compatibility with Webpack 5</li> </ul> <h2>v1.4.1</h2> <ul> <li>Ignore tags with null attributes (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/122">#122</a>)</li> </ul> <h2>v1.4.0</h2> <ul> <li>Add integrity to link preload tags (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/111">#111</a>)</li> </ul> <h2>v1.3.4</h2> <ul> <li>Fix warning when used with <a href="https://github.com/fqborges/webpack-fix-style-only-entries">webpack-fix-style-only-entries</a> (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/106">#106</a>)</li> </ul> <h2>v1.3.3</h2> <ul> <li>Fix source maps in projects with code splitting (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/113">#113</a>)</li> <li>Documentation tweaks: <ul> <li>Remove recommendation to use <code>require-sri</code></li> <li>Add warning about unreliable <code><link preload></code></li> </ul> </li> </ul> <h2>v1.3.2</h2> <ul> <li>Fix bug where in some cases runtime bundle contents changed needlessly and without contenthash changing (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/101">#101</a>)</li> </ul> <h2>v1.3.1</h2> <ul> <li>Fix bug when used alongside <a href="https://github.com/mmiller42/html-webpack-externals-plugin">html-webpack-externals-plugin</a> (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/97">#97</a>)</li> <li>Suppress warning about missing dependencies (requires package manager with support for <code>peerDependenciesMeta</code>) (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/90">#90</a>)</li> </ul> <h2>v1.3.0</h2> <ul> <li>Support for assets added in <code>html-webpack-plugin-before-html-generation</code> hook, for example by <code>add-asset-html-webpack-plugin</code> (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/51">#51</a>)</li> </ul> <h2>v1.2.0</h2> <ul> <li>Replace <a href="https://github.com/webpack/core">webpack-core</a> dependency by <a href="https://github.com/webpack/webpack-sources">webpack-sources</a> (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/93">#93</a>)</li> </ul> <h2>v1.1.0</h2> <ul> <li>Document <a href="https://github.com/webdeveric/webpack-assets-manifest">webpack-asset-manifest</a> integration (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/45">#45</a>)</li> </ul> <h2>v1.1.0-rc.7</h2> <ul> <li>Avoid duplicate error message on Webpack 4.20</li> <li>Fix crash in non-web builds, emit warning instead (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/87">#87</a>)</li> <li>Declare peer dependency on html-webpack-plugin (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/90">#90</a>)</li> </ul> <h2>v1.1.0-rc.6</h2> <ul> <li>Fix a bug occurring in a certain constellation (Webpack 4 with splitChunks optimization in production mode plus mini-css-extract-plugin) by simplifying chunk-to-asset mapping code (<a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/83">#83</a>)</li> </ul> <h2>v1.1.0-rc.5</h2> <ul> <li>Fix incompatibility with Webpack 4.13+ where the <code>crossOrigin</code> attribute wasn't always set.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/ed3c8cdc095cc3a5073db52f66514a89252303b6"><code>ed3c8cd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/132">#132</a> from waysact/issue-131</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/3d7090c08c333fcfb10ad9e2d6cf72e2acb7d87f"><code>3d7090c</code></a> Fix hash lookup for dynamic chunks</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/1d6bfcdcce157c8daa42d0a056d4f3ee871c447a"><code>1d6bfcd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/waysact/webpack-subresource-integrity/issues/130">#130</a> from waysact/webpack-5</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/1631ca6bb227546c62dd686dbca8e877b57d3e01"><code>1631ca6</code></a> Clean up dependency version ranges</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/00dd2bc58468db9a12cfbd32adc9feb1b1607fcc"><code>00dd2bc</code></a> Refactor hook setup</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/3cc27aae0bdf7f0b238571eae806e46b564c2bb9"><code>3cc27aa</code></a> Bump version to 1.5.0</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/9c5ca816e8a5749a5f15297199c4fe92c44dc530"><code>9c5ca81</code></a> Fix Travis exclusions</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/695be87724d284c1f2eb6b5be077b51296b28452"><code>695be87</code></a> Fix Webpack 5 deprecation warning</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/878afff9b518443562926e395df8cfd9e2a2913f"><code>878afff</code></a> Test against Webpack 5</li> <li><a href="https://github.com/waysact/webpack-subresource-integrity/commit/5f552111e73d2b7380c23b39cf94eb963c9c62c7"><code>5f55211</code></a> Stop testing Node 4 on Windows</li> <li>Additional commits viewable in <a href="https://github.com/waysact/webpack-subresource-integrity/compare/v1.1.0-rc.4...v1.5.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+22 -31

0 comment

1 changed file

pr created time in a month

push eventswisscom/docs-appcloud-service-offerings

Adrian Kurt

commit sha 9c47ae0ae412942ac6036303b45c14f8469d5754

remove modified date as this is now part of the template

view details

push time in 2 months

push eventswisscom/docs-appcloud-tutorial-java

Adrian

commit sha 03c74384eba201cfdd533f42f17f3ce66c7937b3

Update README.md

view details

push time in 2 months

push eventswisscom/docs-appcloud-service-offerings

Adrian Kurt

commit sha cd0710b070585efb18b2043305d17ad43a988041

update elasticsearch versions

view details

push time in 2 months

issue commentswisscom/ai-research-keyphrase-extraction

ConnectionRefusedError: [Errno 111] Connection refused

https://stackoverflow.com/questions/64238613/access-server-running-on-docker-container/64239854#64239854

gandharvsuri

comment created time in 2 months

push eventswisscom/docs-appcloud-tutorial-java

push time in 2 months

delete branch swisscom/sample-uaa-angular-client

delete branch : dependabot/npm_and_yarn/elliptic-6.5.3

delete time in 2 months

PR closed swisscom/sample-uaa-angular-client

Bump elliptic from 6.4.0 to 6.5.3 dependencies

Bumps elliptic from 6.4.0 to 6.5.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1"><code>8647803</code></a> 6.5.3</li> <li><a href="https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec"><code>856fe4d</code></a> signature: prevent malleability and overflows</li> <li><a href="https://github.com/indutny/elliptic/commit/60489415e545efdfd3010ae74b9726facbf08ca8"><code>6048941</code></a> 6.5.2</li> <li><a href="https://github.com/indutny/elliptic/commit/9984964457c9f8a63b91b01ea103260417eca237"><code>9984964</code></a> package: bump dependencies</li> <li><a href="https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a"><code>ec735ed</code></a> utils: leak less information in <code>getNAF()</code></li> <li><a href="https://github.com/indutny/elliptic/commit/71e4e8e2f5b8f0bdbfbe106c72cc9fbc746d3d60"><code>71e4e8e</code></a> 6.5.1</li> <li><a href="https://github.com/indutny/elliptic/commit/7ec66ffa255079260126d87b1762a59ea10de5ea"><code>7ec66ff</code></a> short: add infinity check before multiplying</li> <li><a href="https://github.com/indutny/elliptic/commit/ee7970b92f388e981d694be0436c4c8036b5d36c"><code>ee7970b</code></a> travis: really move on</li> <li><a href="https://github.com/indutny/elliptic/commit/637d0216b58de7edee4f3eb5641295ac323acadb"><code>637d021</code></a> travis: move on</li> <li><a href="https://github.com/indutny/elliptic/commit/5ed0babb6467cd8575a9218265473fda926d9d42"><code>5ed0bab</code></a> package: update deps</li> <li>Additional commits viewable in <a href="https://github.com/indutny/elliptic/compare/v6.4.0...v6.5.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

pull request commentswisscom/sample-uaa-angular-client

Bump elliptic from 6.4.0 to 6.5.3

Looks like elliptic is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in 2 months

delete branch swisscom/sample-uaa-angular-client

delete branch : dependabot/npm_and_yarn/lodash-4.17.19

delete time in 2 months

PR closed swisscom/sample-uaa-angular-client

Bump lodash from 4.17.10 to 4.17.19 dependencies

Bumps lodash from 4.17.10 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.10...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

pull request commentswisscom/sample-uaa-angular-client

Bump lodash from 4.17.10 to 4.17.19

Looks like lodash is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in 2 months

delete branch swisscom/sample-uaa-angular-client

delete branch : dependabot/npm_and_yarn/jsrsasign-8.0.20

delete time in 2 months

PR closed swisscom/sample-uaa-angular-client

Bump jsrsasign from 8.0.12 to 8.0.20 dependencies

Bumps jsrsasign from 8.0.12 to 8.0.20. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kjur/jsrsasign/releases">jsrsasign's releases</a>.</em></p> <blockquote> <h2>add CSR support for subjectAltName</h2> <ul> <li>Changes From 8.0.19 to 8.0.20 <ul> <li>src/asn1csr.js <ul> <li>CSRUtil.getInfo <ul> <li>add ext parameter to show subjectAltName property</li> <li>change not to raise error when subject name is empty in CSR</li> </ul> </li> </ul> </li> <li>src/x509.js <ul> <li>X509.parseExt <ul> <li>add support for CSR extension request field</li> </ul> </li> </ul> </li> <li>src/asn1hex.js <ul> <li>ASN1HEX.getIdxbyList <ul> <li>small update for exception</li> </ul> </li> </ul> </li> <li>test/ <ul> <li>qunit-do-{asn1csr, x509}.html to add tests for above.</li> </ul> </li> </ul> </li> </ul> <h2>ECDSA signature validation maleability fix and others</h2> <ul> <li>Changes from 8.0.18 to 8.0.19 <ul> <li>src/ecdsa-mod.js <ul> <li>ECDSA.verifyHex fixed for some types of maleability (<a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/437">#437</a>)</li> </ul> </li> <li>src/asn1hex.js <ul> <li>ASN1HEX.checkStrictDER added</li> </ul> </li> <li>src/asn1x509.js <ul> <li>It's founded that OpenSSL's DN representation like "/C=US/O=test" is "compat" format. So those methods are added and existing method is now deprecated. <ul> <li>X500Name.{ldapToOneline, onelineToLdap} are now deprecated.</li> <li>X500Name.{ldapToCompat, compatToLdap} are added.</li> </ul> </li> </ul> </li> <li>src/x509.js <ul> <li>update for compatToLdap and ldapToCompat</li> </ul> </li> <li>src/crypto.js <ul> <li>document update</li> </ul> </li> </ul> </li> </ul> <h2>RSA decryption and RSA signature validation maleability fix</h2> <ul> <li>Changes from 8.0.17 to 8.0.18 <ul> <li>ext/rsa2.js <ul> <li>RSADecrypt fixed for zero prepending maleability (<a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/439">#439</a>)</li> <li>RSADecryptOAEP fixed for zero prepending maleability</li> </ul> </li> <li>src/rsasign.js <ul> <li>verifyWithMessageHash fixed for zero prepending maleability</li> </ul> </li> <li>test <ul> <li>qunit-do-crypto-cipher.html: some test case added for above</li> </ul> </li> </ul> </li> </ul> <h2>RSAPSS verification maleability fix and others</h2> <ul> <li>Changes from 8.0.16 to 8.0.17 <ul> <li>src/rsasign.js <ul> <li>verifyWithMessageHashPSS fixed for prepending zeros maleability (<a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/438">#438</a>)</li> </ul> </li> <li>src/asn1x509.js <ul> <li>allow alternative algorithms to sign CRLs (<a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/440">#440</a>)</li> </ul> </li> <li>src/asn1cms.js <ul> <li>improve CMSUtil.newSignedData helper with detached signatures (<a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/441">#441</a>)</li> </ul> </li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjur/jsrsasign/blob/master/ChangeLog.txt">jsrsasign's changelog</a>.</em></p> <blockquote> <p>ChangeLog for jsrsasign</p> <p>add CSR support for subjectAltName</p> <ul> <li>Changes From 8.0.19 to 8.0.20 <ul> <li>src/asn1csr.js <ul> <li>CSRUtil.getInfo <ul> <li>add ext parameter to show subjectAltName property</li> <li>change not to raise error when subject name is empty in CSR</li> </ul> </li> </ul> </li> <li>src/x509.js <ul> <li>X509.parseExt <ul> <li>add support for CSR extension request field</li> </ul> </li> </ul> </li> <li>src/asn1hex.js <ul> <li>ASN1HEX.getIdxbyList <ul> <li>small update for exception</li> </ul> </li> </ul> </li> <li>test/ <ul> <li>qunit-do-{asn1csr, x509}.html to add tests for above.</li> </ul> </li> </ul> </li> </ul> <p>ECDSA signature validation maleability fix and others</p> <ul> <li>Changes from 8.0.18 to 8.0.19 <ul> <li>src/ecdsa-mod.js <ul> <li>ECDSA.verifyHex fixed for some types of maleability (<a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/437">#437</a>)</li> </ul> </li> <li>src/asn1hex.js <ul> <li>ASN1HEX.checkStrictDER added</li> </ul> </li> <li>src/asn1x509.js <ul> <li>It's founded that OpenSSL's DN representation like "/C=US/O=test" is "compat" format. So those methods are added and existing method is now deprecated. <ul> <li>X500Name.{ldapToOneline, onelineToLdap} are now deprecated.</li> <li>X500Name.{ldapToCompat, compatToLdap} are added.</li> </ul> </li> </ul> </li> <li>src/x509.js <ul> <li>update for compatToLdap and ldapToCompat</li> </ul> </li> <li>src/crypto.js <ul> <li>document update</li> </ul> </li> </ul> </li> </ul> <p>RSA decryption and RSA signature validation maleability fix</p> <ul> <li> <p>Changes from 8.0.17 to 8.0.18</p> <ul> <li>ext/rsa2.js <ul> <li>CVE-2020-14967 RSADecrypt fixed for zero prepending maleability (<a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/439">#439</a>)</li> <li>RSADecryptOAEP fixed for zero prepending maleability</li> </ul> </li> <li>src/rsasign.js <ul> <li>verifyWithMessageHash fixed for zero prepending maleability</li> </ul> </li> <li>test <ul> <li>qunit-do-crypto-cipher.html: some test case added for above</li> </ul> </li> </ul> </li> <li> <p>Changes from 8.0.16 to 8.0.17</p> <ul> <li>src/rsasign.js <ul> <li>CVE-2020-14968 verifyWithMessageHashPSS fixed for prepending zeros maleability (<a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/438">#438</a>)</li> </ul> </li> <li>src/asn1x509.js</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjur/jsrsasign/commit/adc64c842cf727c8c8371907bbab83cb731c8fbe"><code>adc64c8</code></a> 8.0.20 release</li> <li><a href="https://github.com/kjur/jsrsasign/commit/6ef02059a3c4b4cc6e6cd36b1a617bd6a5041224"><code>6ef0205</code></a> Update README.md</li> <li><a href="https://github.com/kjur/jsrsasign/commit/59cc1cce9467cdaafd42bdf272434ef8acbe7189"><code>59cc1cc</code></a> 8.0.19 release</li> <li><a href="https://github.com/kjur/jsrsasign/commit/6efc23aead22aa432613c345f84c39880f91744d"><code>6efc23a</code></a> 8.0.18 release</li> <li><a href="https://github.com/kjur/jsrsasign/commit/6087412d072a57074d3c4c1b40bdde0460d53a7f"><code>6087412</code></a> 8.0.18 release</li> <li><a href="https://github.com/kjur/jsrsasign/commit/861ab2718b2bf8718830544c0e512cf127197316"><code>861ab27</code></a> 8.0.17 release</li> <li><a href="https://github.com/kjur/jsrsasign/commit/3bcc088c727658d7235854cd2a409a904cc2ce99"><code>3bcc088</code></a> <a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/442">#442</a> RSAGenerate key length issue fix</li> <li><a href="https://github.com/kjur/jsrsasign/commit/108c7df21b6bd484b13e1a1c3cde70813f177a07"><code>108c7df</code></a> comment update</li> <li><a href="https://github.com/kjur/jsrsasign/commit/12fdf1b1865b199261238dc0a3c0515ebf65139d"><code>12fdf1b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/441">#441</a> from ilmesi/master</li> <li><a href="https://github.com/kjur/jsrsasign/commit/6fa9716263bbfe93361a9072dfdc56b725e34164"><code>6fa9716</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/kjur/jsrsasign/issues/440">#440</a> from augjoh/master</li> <li>Additional commits viewable in <a href="https://github.com/kjur/jsrsasign/compare/8.0.12...8.0.20">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

more