fix: bitstring improvement and test coverage #270

Merged
merged 4 commits into from
Aug 23, 2024

elribonazo
Contributor

Description:

Adding a test to validate that the bitstring and credential statusList can be verified by the SDK.

Checklist:

  • My PR follows the contribution guidelines of this project
  • My PR is free of third-party dependencies that don't comply with the Allowlist
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked the PR title to follow the conventional commit specification

# npm audit report

elliptic  2.0.0 - 6.5.6
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
No fix available
node_modules/@hyperledger/identus-apollo/node_modules/elliptic
node_modules/elliptic
  @hyperledger/identus-apollo  *
  Depends on vulnerable versions of elliptic
  node_modules/@hyperledger/identus-apollo

micromatch  *
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch - https://github.com/advisories/GHSA-952p-6rrq-rcjv
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/micromatch
  find-yarn-workspace-root  *
  Depends on vulnerable versions of micromatch
  node_modules/find-yarn-workspace-root
    patch-package  >=6.1.0-0
    Depends on vulnerable versions of find-yarn-workspace-root
    node_modules/patch-package

5 vulnerabilities (2 low, 3 moderate)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Signed-off-by: Francisco Javier Ribo Labrador <[email protected]>

@elribonazo elribonazo merged commit dce65b5 into main Aug 23, 2024
4 of 5 checks passed
@elribonazo elribonazo deleted the fix/bitstring branch August 23, 2024 12:17
hyperledger-bot added a commit that referenced this pull request Sep 5, 2024
# [6.1.0-rc.1](v6.0.1...v6.1.0-rc.1) (2024-09-05)

### Bug Fixes

* bitstring improvement and test coverage ([#270](#270)) ([dce65b5](dce65b5))
* external build update for new generated code ([#264](#264)) ([460102a](460102a))
* main branchname in semantic release config ([#279](#279)) ([a6a72ff](a6a72ff))
* make mediator updateable in the nextjs demo ([#262](#262)) ([99df3c0](99df3c0))
* nextjs demo safeBody ([#263](#263)) ([0d09ea7](0d09ea7))
* noble-ciphers dependency ([#284](#284)) ([fabcc2c](fabcc2c))
* package dependencies found by mixmix ([#273](#273)) ([#275](#275)) ([82a50d3](82a50d3))
* rollup is not a optionalDependency, and is not included in our m… ([#269](#269)) ([9ea9d42](9ea9d42))

### Features

* Connectionless presentation ([#272](#272)) ([d43ec60](d43ec60))
* decoupling JWT from Pollux and adding KID header to JWTs ([#271](#271)) ([8a1ed3f](8a1ed3f))
* errors introducing error codes and refactoring Apollo errors ([#265](#265)) ([f99c565](f99c565))
hyperledger-bot added a commit that referenced this pull request Sep 11, 2024
# [6.1.0](v6.0.1...v6.1.0) (2024-09-11)

### Bug Fixes

* bitstring improvement and test coverage ([#270](#270)) ([dce65b5](dce65b5))
* external build update for new generated code ([#264](#264)) ([460102a](460102a))
* main branchname in semantic release config ([#279](#279)) ([a6a72ff](a6a72ff))
* make mediator updateable in the nextjs demo ([#262](#262)) ([99df3c0](99df3c0))
* nextjs demo safeBody ([#263](#263)) ([0d09ea7](0d09ea7))
* noble-ciphers dependency ([#284](#284)) ([fabcc2c](fabcc2c))
* package dependencies found by mixmix ([#273](#273)) ([#275](#275)) ([82a50d3](82a50d3))
* rollup is not a optionalDependency, and is not included in our m… ([#269](#269)) ([9ea9d42](9ea9d42))
* update code-owners ([#281](#281)) ([b8409af](b8409af))

### Features

* Connectionless presentation ([#272](#272)) ([d43ec60](d43ec60))
* decoupling JWT from Pollux and adding KID header to JWTs ([#271](#271)) ([8a1ed3f](8a1ed3f))
* errors introducing error codes and refactoring Apollo errors ([#265](#265)) ([f99c565](f99c565))
hyperledger-bot added a commit that referenced this pull request Sep 12, 2024
# [6.1.0](v6.0.1...v6.1.0) (2024-09-12)

### Bug Fixes

* bitstring improvement and test coverage ([#270](#270)) ([dce65b5](dce65b5))
* external build update for new generated code ([#264](#264)) ([460102a](460102a))
* main branchname in semantic release config ([#279](#279)) ([a6a72ff](a6a72ff))
* make mediator updateable in the nextjs demo ([#262](#262)) ([99df3c0](99df3c0))
* nextjs demo safeBody ([#263](#263)) ([0d09ea7](0d09ea7))
* noble-ciphers dependency ([#284](#284)) ([fabcc2c](fabcc2c))
* package dependencies found by mixmix ([#273](#273)) ([#275](#275)) ([82a50d3](82a50d3))
* rollup is not a optionalDependency, and is not included in our m… ([#269](#269)) ([9ea9d42](9ea9d42))
* update code-owners ([#281](#281)) ([b8409af](b8409af))

### Features

* Connectionless presentation ([#272](#272)) ([d43ec60](d43ec60))
* decoupling JWT from Pollux and adding KID header to JWTs ([#271](#271)) ([8a1ed3f](8a1ed3f))
* errors introducing error codes and refactoring Apollo errors ([#265](#265)) ([f99c565](f99c565))
hyperledger-bot added a commit that referenced this pull request Oct 4, 2024
# [6.1.0](v6.0.1...v6.1.0) (2024-10-04)

### Bug Fixes

* bitstring improvement and test coverage ([#270](#270)) ([dce65b5](dce65b5))
* e2e cucumber import ([#291](#291)) ([e569d79](e569d79))
* external build update for new generated code ([#264](#264)) ([460102a](460102a))
* main branchname in semantic release config ([#279](#279)) ([a6a72ff](a6a72ff))
* make mediator updateable in the nextjs demo ([#262](#262)) ([99df3c0](99df3c0))
* next generation building tools and testing framework ([#258](#258)) ([54ead35](54ead35))
* nextjs demo safeBody ([#263](#263)) ([0d09ea7](0d09ea7))
* noble-ciphers dependency ([#284](#284)) ([fabcc2c](fabcc2c))
* package dependencies found by mixmix ([#273](#273)) ([#275](#275)) ([82a50d3](82a50d3))
* rollup is not a optionalDependency, and is not included in our m… ([#269](#269)) ([9ea9d42](9ea9d42))
* sdk module resolution issues ([#290](#290)) ([f53d728](f53d728))
* update code-owners ([#281](#281)) ([b8409af](b8409af))

### Features

* Connectionless Offer ([#293](#293)) ([97e05e7](97e05e7))
* Connectionless presentation ([#272](#272)) ([d43ec60](d43ec60))
* decoupling JWT from Pollux and adding KID header to JWTs ([#271](#271)) ([8a1ed3f](8a1ed3f))
* errors introducing error codes and refactoring Apollo errors ([#265](#265)) ([f99c565](f99c565))
* integrating error reporting protocol  ([#289](#289)) ([02430db](02430db))
* OIDC Agent ([#278](#278)) ([295e14f](295e14f))
* separate DIDCommAgent and adding Tasks ([#277](#277)) ([3a8fd66](3a8fd66))