management/front/dkha-web-sz-main/node_modules/node-forge/CHANGELOG.md

5.0 KiB

Forge ChangeLog

0.7.5 - 2018-03-30

Fixed

  • Remove use of const.

0.7.4 - 2018-03-07

Fixed

  • Potential regex denial of service in form.js.

Added

  • Support for ED25519.
  • Support for baseN/base58.

0.7.3 - 2018-03-05

  • Re-publish with npm 5.6.0 due to file timestamp issues.

0.7.2 - 2018-02-27

Added

  • Support verification of SHA-384 certificates.
  • 1.2.840.10040.4.3'/dsa-with-sha1 OID.

Fixed

  • Support importing PKCS#7 data with no certificates. RFC 2315 sec 9.1 states certificates are optional.
  • asn1.equals loop bug.
  • Fortuna implementation bugs.

0.7.1 - 2017-03-27

Fixed

  • Fix digestLength for hashes based on SHA-512.

0.7.0 - 2017-02-07

Fixed

  • Fix test looping bugs so all tests are run.
  • Improved ASN.1 parsing. Many failure cases eliminated. More sanity checks. Better behavior in default mode of parsing BIT STRINGs. Better handling of parsed BIT STRINGs in toDer(). More tests.
  • Improve X.509 BIT STRING handling by using new capture modes.

Changed

  • Major refactor to use CommonJS plus a browser build system.
  • Updated tests, examples, docs.
  • Updated dependencies.
  • Updated flash build system.
  • Improve OID mapping code.
  • Change test servers from Python to JavaScript.
  • Improve PhantomJS support.
  • Move Bower/bundle support to forge-dist.
  • BREAKING: Require minimal digest algorithm dependencies from individual modules.
  • Enforce currently supported bit param values for byte buffer access. May be BREAKING for code that depended on unspecified and/or incorrect behavior.
  • Improve asn1.prettyPrint() BIT STRING display.

Added

  • webpack bundler support via npm run build:
    • Builds .js, .min.js, and basic sourcemaps.
    • Basic build: forge.js.
    • Build with extra utils and networking support: forge.all.js.
    • Build WebWorker support: prime.worker.js.
  • Browserify support in package.json.
  • Karma browser testing.
  • forge.options field.
  • forge.options.usePureJavaScript flag.
  • forge.util.isNodejs flag (used to select "native" APIs).
  • Run PhantomJS tests in Travis-CI.
  • Add "Donations" section to README.
  • Add IRC to "Contact" section of README.
  • Add "Security Considerations" section to README.
  • Add pbkdf2 usePureJavaScript test.
  • Add rsa.generateKeyPair async and usePureJavaScript tests.
  • Add .editorconfig support.
  • Add md.all.js which includes all digest algorithms.
  • Add asn1 equals() and copy().
  • Add asn1 validate() capture options for BIT STRING contents and value.

Removed

  • BREAKING: Can no longer call forge({...}) to create new instances.
  • Remove a large amount of old cruft.

Migration from 0.6.x to 0.7.x

  • (all) If you used the feature to create a new forge instance with new configuration options you will need to rework your code. That ability has been removed due to implementation complexity. The main rare use was to set the option to use pure JavaScript. That is now available as a library global flag forge.options.usePureJavaScript.
  • (npm,bower) If you used the default main file there is little to nothing to change.
  • (npm) If you accessed a sub-resource like forge/js/pki you should either switch to just using the main forge and access forge.pki or update to forge/lib/pki.
  • (bower) If you used a sub-resource like forge/js/pki you should switch to just using forge and access forge.pki. The bower release bundles everything in one minified file.
  • (bower) A configured workerScript like /bower_components/forge/js/prime.worker.js will need to change to /bower_components/forge/dist/prime.worker.min.js.
  • (all) If you used the networking support or flash socket support, you will need to use a custom build and/or adjust where files are loaded from. This functionality is not included in the bower distribution by default and is also now in a different directory.
  • (all) The library should now directly support building custom bundles with webpack, browserify, or similar.
  • (all) If building a custom bundle ensure the correct dependencies are included. In particular, note there is now a md.all.js file to include all digest algorithms. Individual files limit what they include by default to allow smaller custom builds. For instance, pbdkf2.js has a sha1 default but does not include any algorithm files by default. This allows the possibility to include only sha256 without the overhead of sha1 and sha512.

Notes

  • This major update requires updating the version to 0.7.x. The existing work-in-progress "0.7.x" branch will be painfully rebased on top of this new 0.7.x and moved forward to 0.8.x or later as needed.
  • 0.7.x is a start of simplifying forge based on common issues and what has appeared to be the most common usage. Please file issues with feedback if the changes are problematic for your use cases.

0.6.x - 2016 and earlier