23634551207
100%

Ran 27 Mar 2026 06:40AM UTC

Jobs 6

Files 45

Run time 1min

Badge

Embed ▾

Committed 27 Mar 2026 06:39AM UTC coverage: 100.0%. Remained the same

Build # 23634551207

Build Type

push

github

Committed by

web-flow

Commit Message

chore(deps): update dependency node-forge to v1.4.0 (#3281)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [node-forge](https://redirect.github.com/digitalbazaar/forge) |
[`1.3.3` →
`1.4.0`](https://renovatebot.com/diffs/npm/node-forge/1.3.3/1.4.0) |
![age](https://developer.mend.io/api/mc/badges/age/npm/node-forge/1.4.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/node-forge/1.3.3/1.4.0?slim=true)
|

---

### Release Notes

<details>
<summary>digitalbazaar/forge (node-forge)</summary>

###
[`v1.4.0`](https://redirect.github.com/digitalbazaar/forge/blob/HEAD/CHANGELOG.md#140---2026-03-24)

[Compare
Source](https://redirect.github.com/digitalbazaar/forge/compare/v1.3.3...v1.4.0)

##### Security

- **HIGH**: Denial of Service in `BigInteger.modInverse()`
- A Denial of Service (DoS) vulnerability exists due to an infinite loop
in
the `BigInteger.modInverse()` function (inherited from the bundled jsbn
library). When `modInverse()` is called with a zero value as input, the
internal Extended Euclidean Algorithm enters an unreachable exit
condition,
    causing the process to hang indefinitely and consume 100% CPU.
  - Reported by Kr0emer.
- CVE ID:
[CVE-2026-33891](https://www.cve.org/CVERecord?id=CVE-2026-33891)
- GHSA ID:
[GHSA-5gfm-wpxj-wjgq](https://redirect.github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx)
- **HIGH**: Signature forgery in RSA-PKCS due to ASN.1 extra field.
- RSASSA [PKCS#1](https://redirect.github.com/PKCS/forge/issues/1) v1.5
signature verification accepts forged signatures for low
public exponent keys (e=3). Attackers can forge signatures by stuffing
    "garbage" bytes within the ASN.1 structure in order to construct a
signature that passes verification, enabling Bleichenbacher style
forgery.
This issue is similar to CVE-2... (continued)

Coverage Stats

943 of 985 branches covered (95.74%)

1368 of 1368 relevant lines covered (100.0%)

398.04 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	run-22.x - 23634551207.1	27 Mar 2026 06:40AM UTC	45	100.0	GitHub Action Run
2	run-20.19.0 - 23634551207.2	27 Mar 2026 06:40AM UTC	45	100.0	GitHub Action Run
3	run-24.x - 23634551207.3	27 Mar 2026 06:40AM UTC	45	100.0	GitHub Action Run
4	run-20.x - 23634551207.4	27 Mar 2026 06:40AM UTC	45	100.0	GitHub Action Run
5	run-22.12.0 - 23634551207.5	27 Mar 2026 06:40AM UTC	45	100.0	GitHub Action Run
6	run-24.0.0 - 23634551207.6	27 Mar 2026 06:40AM UTC	45	100.0	GitHub Action Run

RobinTail / express-zod-api / 23634551207
100%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 23634551207

RobinTail / express-zod-api / 23634551207 100%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 23634551207

RobinTail / express-zod-api / 23634551207
100%

README BADGES
x