David I. Lehn
David I. Lehn
I'm not sure what that warning image is even saying. Is it saying node locked those files? What does that mean in this case? Just a regular file lock or...
I'm pretty sure the security issues don't effect the APIs selfsigned uses. There's already an upstream patch to update node-forge. I'll ask if that can be applied.
@roysjosh Yes. We've been busy for a long time and haven't been keeping up with forge PRs. Apologies for that, we really do appreciate the contribution! Could you add a...
Without looking into it, I assume the performance difference is because the forge version is all in JavaScript and the webcrypto version is native. Forge will try to use native...
Can you provide an example PEM file? As you read in the [changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md#130---2022-03-17), there were changes to make things more strict to address some other serious vulnerabilities. Perhaps there were...
Thanks. 2647 bytes of data and 896 trailing zeros. Looking at the PEM [RFC 7468](https://www.rfc-editor.org/rfc/rfc7468), I see the contents are BER, not DER, so things like trailing useless data are,...
Patch available in https://github.com/digitalbazaar/forge/pull/977. Still pondering if that's the best approach. Will release something soon.
What's the issue? This text is from a security advisory that was addressed in 1.3.0.
The primary maintainers here don't use typescript so we're unfamiliar with how that works or who maintains it. That being said, the API hasn't changed significantly for a while so...
Do you have test cases for this change? There are conflicts but it looks like it was rebased on main, not sure what's happening there.