From 54f90f73aecdc3de7e49ba11bd8da83d35ee22f2 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Wed, 5 May 2021 08:38:10 +0200 Subject: [PATCH] Update jsrsasign to ^10.2.0 (Includes fix for CVE-2021-30246) See https://github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wg for details. --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index c11256e1a1..5598b3872e 100644 --- a/package.json +++ b/package.json @@ -56,7 +56,7 @@ "browser-request": "^0.3.3", "gfm.css": "^1.1.2", "highlight.js": "^10.5.0", - "jsrsasign": "^10.1.5", + "jsrsasign": "^10.2.0", "katex": "^0.12.0", "matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop", "matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop", diff --git a/yarn.lock b/yarn.lock index ee50155c3b..6a4030eb42 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7304,10 +7304,10 @@ jsprim@^1.2.2: json-schema "0.2.3" verror "1.10.0" -jsrsasign@^10.1.5: - version "10.1.5" - resolved "https://registry.yarnpkg.com/jsrsasign/-/jsrsasign-10.1.5.tgz#d59127cf76f5d12211a7849fafdb7e0cddab6139" - integrity sha512-xlCtvZ+S2fPnw6YQyPkgMZ1dgMJ02bmK5Rt1umpo/KThBP6Zzq9awzXU71NEw1NYxXmLFnjorpQYKLZzMdF3lg== +jsrsasign@^10.2.0: + version "10.2.0" + resolved "https://registry.yarnpkg.com/jsrsasign/-/jsrsasign-10.2.0.tgz#960ab8046d19d3fcbb584368a57d1977cb0b7ffd" + integrity sha512-khMrV/10U02DRzmXhjuLQjddUF39GHndaJZ/3YiiKkbyEl1T5M6EQF9nQUq0DFVCHusmd/jl8TWl4mWt+1L5hg== "jsx-ast-utils@^2.4.1 || ^3.0.0": version "3.2.0"