urllib icon indicating copy to clipboard operation
urllib copied to clipboard
verified publisher icon node-modules

chore(deps): update dependency selfsigned to v5

Open renovate[bot] opened this issue 1 month ago • 3 comments

This PR contains the following updates:

Package Change Age Confidence
selfsigned ^3.0.0 -> ^5.0.0 age confidence

Release Notes

jfromaniello/selfsigned (selfsigned)

v5.2.0

Compare Source

v5.1.0

Compare Source

v5.0.0

Compare Source

🚀 Major Rewrite

Complete rewrite replacing node-forge with modern @peculiar/x509 and pkijs libraries.

✨ Added
  • Native WebCrypto API support for better performance and security
  • TypeScript examples in documentation
  • Async/await support as the primary API
  • Support for keyPair option to use existing keys
  • Updated to use Node.js native crypto for all operations
  • Separate selfsigned/pkcs7 module for tree-shakeable PKCS#7 support
💥 BREAKING CHANGES

  1. Async-only API: The generate() function now returns a Promise. Synchronous generation has been removed.

    // Old (v4.x)
const pems = selfsigned.generate(attrs, options);

// New (v5.x)
const pems = await selfsigned.generate(attrs, options);

  2. No callback support: Callbacks have been completely removed in favor of Promises.

    // Old (v4.x)
selfsigned.generate(attrs, options, function(err, pems) { ... });

// New (v5.x)
const pems = await selfsigned.generate(attrs, options);

  3. Minimum Node.js version: Now requires Node.js >= 15.6.0 (was >= 10)

    • Required for native WebCrypto support

  4. Dependencies changed:

    • ❌ Removed: node-forge (1.64 MB)
    • ✅ Added: @peculiar/x509 (551 KB) - 66% smaller!
    • ✅ Added: pkijs (1.94 MB, only for PKCS#7 support)
    • Bundle size reduced by 66% when not using PKCS#7

  5. PKCS#7 API changed:

    • Old: const pems = await generate(attrs, { pkcs7: true }); pems.pkcs7
    • New: const { createPkcs7 } = require('selfsigned/pkcs7'); const pkcs7 = createPkcs7(pems.cert);
    • PKCS#7 is now a separate module for better tree-shaking
🔧 Changed
  • Default key size remains 2048 bits (was incorrectly documented as 1024)
  • PEM output uses \n line endings (was \r\n)
  • Private keys now use PKCS#8 format (BEGIN PRIVATE KEY instead of BEGIN RSA PRIVATE KEY)
  • Certificate generation is now fully async using native WebCrypto
  • PKCS#7 is now tree-shakeable: Moved to separate selfsigned/pkcs7 module so bundlers can exclude it when not used
🐛 Fixed
  • Default key size documentation corrected from 1024 to 2048 bits
  • Improved error handling for certificate generation failures
📦 Dependencies

Removed:

  • node-forge@^1.3.1
  • @types/node-forge@^1.3.0

Added:

  • @peculiar/x509@​^1.14.2 (required)
  • pkijs@^3.3.3 (required, but tree-shakeable via separate selfsigned/pkcs7 module)
🔒 Security
  • Now uses Node.js native WebCrypto API instead of JavaScript implementation
  • Better integration with platform security features
  • More secure random number generation
📚 Documentation
  • Complete README rewrite with async/await examples
  • Added migration guide from v4.x to v5.x
  • Updated all code examples to use async/await
  • Added requirements section highlighting Node.js version requirement

v4.0.1

Compare Source

v4.0.0

Compare Source

See git history for changes in 4.x and earlier versions.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] avatar Dec 01 '25 19:12 renovate[bot]

[!IMPORTANT]

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot] avatar Dec 01 '25 19:12 coderabbitai[bot]

Open in StackBlitz

npm i https://pkg.pr.new/node-modules/urllib@601

commit: 3b62717

pkg-pr-new[bot] avatar Dec 01 '25 19:12 pkg-pr-new[bot]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedselfsigned@​3.0.1 ⏵ 5.2.0100100100 +692 -1100

View full report

socket-security[bot] avatar Dec 01 '25 19:12 socket-security[bot]