diff --git a/CHANGES.md b/CHANGES.md index f27078b..d625f17 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -6,88 +6,88 @@ ## 1.3.6 - - Remove leading newline from signing string (#2) - - Add colon after (request-target) in docs (joyent#120) +* Remove leading newline from signing string (#2) +* Add colon after (request-target) in docs (joyent#120) ## 1.3.5 - - Add keyPassphrase option to signer (#115) - - Add support for created and expires values (#110) +* Add keyPassphrase option to signer (#115) +* Add support for created and expires values (#110) ## 1.3.4 -- Fix breakage in v1.3.3 with the setting of the "algorithm" field in the +* Fix breakage in v1.3.3 with the setting of the "algorithm" field in the Authorization header (#102) ## 1.3.3 **Bad release. Use 1.3.4.** - - Add support for an opaque param in the Authorization header (#101) - - Add support for adding the keyId and algorithm params into the signing string (#100) +* Add support for an opaque param in the Authorization header (#101) +* Add support for adding the keyId and algorithm params into the signing string (#100) ## 1.3.2 -- Allow Buffers to be used for verifyHMAC (#98) +* Allow Buffers to be used for verifyHMAC (#98) ## 1.3.1 -- Fix node 0.10 usage (#90) +* Fix node 0.10 usage (#90) ## 1.3.0 **Known issue:** This release broken http-signature with node 0.10. -- Bump dependency `sshpk` -- Add `Signature` header support (#83) +* Bump dependency `sshpk` +* Add `Signature` header support (#83) ## 1.2.0 -- Bump dependency `assert-plus` -- Add ability to pass a custom header name -- Replaced dependency `node-uuid` with `uuid` +* Bump dependency `assert-plus` +* Add ability to pass a custom header name +* Replaced dependency `node-uuid` with `uuid` ## 1.1.1 -- Version of dependency `assert-plus` updated: old version was missing +* Version of dependency `assert-plus` updated: old version was missing some license information -- Corrected examples in `http_signing.md`, added auto-tests to +* Corrected examples in `http_signing.md`, added auto-tests to automatically validate these examples ## 1.1.0 -- Bump version of `sshpk` dependency, remove peerDependency on it since +* Bump version of `sshpk` dependency, remove peerDependency on it since it now supports exchanging objects between multiple versions of itself where possible ## 1.0.2 -- Bump min version of `jsprim` dependency, to include fixes for using +* Bump min version of `jsprim` dependency, to include fixes for using http-signature with `browserify` ## 1.0.1 -- Bump minimum version of `sshpk` dependency, to include fixes for +* Bump minimum version of `sshpk` dependency, to include fixes for whitespace tolerance in key parsing. ## 1.0.0 -- First semver release. -- #36: Ensure verifySignature does not leak useful timing information -- #42: Bring the library up to the latest version of the spec (including the +* First semver release. +* #36: Ensure verifySignature does not leak useful timing information +* #42: Bring the library up to the latest version of the spec (including the request-target changes) -- Support for ECDSA keys and signatures. -- Now uses `sshpk` for key parsing, validation and conversion. -- Fixes for #21, #47, #39 and compatibility with node 0.8 +* Support for ECDSA keys and signatures. +* Now uses `sshpk` for key parsing, validation and conversion. +* Fixes for #21, #47, #39 and compatibility with node 0.8 ## 0.11.0 -- Split up HMAC and Signature verification to avoid vulnerabilities where a +* Split up HMAC and Signature verification to avoid vulnerabilities where a key intended for use with one can be validated against the other method instead. ## 0.10.2 -- Updated versions of most dependencies. -- Utility functions exported for PEM => SSH-RSA conversion. -- Improvements to tests and examples. +* Updated versions of most dependencies. +* Utility functions exported for PEM => SSH-RSA conversion. +* Improvements to tests and examples. diff --git a/Jenkinsfile b/Jenkinsfile index 7203bda..9ae026b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,4 +1,4 @@ -@Library('jenkins-joylib@v1.0.2') _ +@Library('jenkins-joylib@v1.0.8') _ pipeline { @@ -80,7 +80,7 @@ pipeline { post { always { - joyMattermostNotification() + joySlackNotifications() } } } diff --git a/package-lock.json b/package-lock.json index 0020793..575c480 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "http-signature", - "version": "1.3.2", + "version": "1.3.6", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -150,18 +150,18 @@ "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=" }, "json-schema": { - "version": "0.2.3", - "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz", - "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=" + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz", + "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==" }, "jsprim": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz", - "integrity": "sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-2.0.2.tgz", + "integrity": "sha512-gqXddjPqQ6G40VdnI6T6yObEC+pDNvyP95wdQhkWkg7crHH3km5qP1FsOXEkzEQwnz6gz5qGTn1c2Y52wP3OyQ==", "requires": { "assert-plus": "1.0.0", "extsprintf": "1.3.0", - "json-schema": "0.2.3", + "json-schema": "0.4.0", "verror": "1.10.0" } }, diff --git a/package.json b/package.json index ad18a2c..789db94 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ }, "dependencies": { "assert-plus": "^1.0.0", - "jsprim": "^1.2.2", + "jsprim": "^2.0.2", "sshpk": "^1.14.1" }, "devDependencies": {