#123 Need to update jsprim due to vulnerability in json-schema (#125)

Reviewed by: BruceHaley <v-brucehaley@microsoft.com>
Reviewed by: Dan McDonald <danmcd@kebe.com>

Author: bahamat

CHANGES.md

@@ -4,85 +4,89 @@
 
 (nothing yet)
 
+## 1.3.6
+
+* Update jsprim due to vulnerability in json-schema (#123)
+
 ## 1.3.5
 
- - Add keyPassphrase option to signer (#115)
- - Add support for created and expires values (#110)
+* Add keyPassphrase option to signer (#115)
+* Add support for created and expires values (#110)
 
 ## 1.3.4
 
-- Fix breakage in v1.3.3 with the setting of the "algorithm" field in the
+* Fix breakage in v1.3.3 with the setting of the "algorithm" field in the
   Authorization header (#102)
 
 ## 1.3.3
 
 **Bad release. Use 1.3.4.**
 
- - Add support for an opaque param in the Authorization header (#101)
- - Add support for adding the keyId and algorithm params into the signing string (#100)
+* Add support for an opaque param in the Authorization header (#101)
+* Add support for adding the keyId and algorithm params into the signing string (#100)
 
 ## 1.3.2
 
-- Allow Buffers to be used for verifyHMAC (#98)
+* Allow Buffers to be used for verifyHMAC (#98)
 
 ## 1.3.1
 
-- Fix node 0.10 usage (#90)
+* Fix node 0.10 usage (#90)
 
 ## 1.3.0
 
 **Known issue:** This release broken http-signature with node 0.10.
 
-- Bump dependency `sshpk`
-- Add `Signature` header support (#83)
+* Bump dependency `sshpk`
+* Add `Signature` header support (#83)
 
 ## 1.2.0
 
-- Bump dependency `assert-plus`
-- Add ability to pass a custom header name
-- Replaced dependency `node-uuid` with `uuid`
+* Bump dependency `assert-plus`
+* Add ability to pass a custom header name
+* Replaced dependency `node-uuid` with `uuid`
 
 ## 1.1.1
 
-- Version of dependency `assert-plus` updated: old version was missing
+* Version of dependency `assert-plus` updated: old version was missing
   some license information
-- Corrected examples in `http_signing.md`, added auto-tests to
+* Corrected examples in `http_signing.md`, added auto-tests to
   automatically validate these examples
 
 ## 1.1.0
 
-- Bump version of `sshpk` dependency, remove peerDependency on it since
+* Bump version of `sshpk` dependency, remove peerDependency on it since
   it now supports exchanging objects between multiple versions of itself
   where possible
 
 ## 1.0.2
 
-- Bump min version of `jsprim` dependency, to include fixes for using
+* Bump min version of `jsprim` dependency, to include fixes for using
   http-signature with `browserify`
 
 ## 1.0.1
 
-- Bump minimum version of `sshpk` dependency, to include fixes for
+* Bump minimum version of `sshpk` dependency, to include fixes for
   whitespace tolerance in key parsing.
 
 ## 1.0.0
 
-- First semver release.
-- #36: Ensure verifySignature does not leak useful timing information
-- #42: Bring the library up to the latest version of the spec (including the
+* First semver release.
+* #36: Ensure verifySignature does not leak useful timing information
+* #42: Bring the library up to the latest version of the spec (including the
        request-target changes)
-- Support for ECDSA keys and signatures.
-- Now uses `sshpk` for key parsing, validation and conversion.
-- Fixes for #21, #47, #39 and compatibility with node 0.8
+* Support for ECDSA keys and signatures.
+* Now uses `sshpk` for key parsing, validation and conversion.
+* Fixes for #21, #47, #39 and compatibility with node 0.8
 
 ## 0.11.0
 
-- Split up HMAC and Signature verification to avoid vulnerabilities where a
+* Split up HMAC and Signature verification to avoid vulnerabilities where a
   key intended for use with one can be validated against the other method
   instead.
 
 ## 0.10.2
 
-- Updated versions of most dependencies.
-- Utility functions exported for PEM => SSH-RSA conversion.
-- Improvements to tests and examples.
+* Updated versions of most dependencies.
+* Utility functions exported for PEM => SSH-RSA conversion.
+* Improvements to tests and examples.

Jenkinsfile

@@ -1,4 +1,4 @@
-@Library('jenkins-joylib@v1.0.2') _
+@Library('jenkins-joylib@v1.0.8') _
 
 pipeline {
 
@@ -80,7 +80,7 @@ pipeline {
 
     post {
         always {
-            joyMattermostNotification()
+            joySlackNotifications()
         }
     }
 }

package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "http-signature",
   "description": "Reference implementation of Joyent's HTTP Signature scheme.",
-  "version": "1.3.5",
+  "version": "1.3.6",
   "license": "MIT",
   "author": "Joyent, Inc",
   "contributors": [
@@ -31,7 +31,7 @@
   },
   "dependencies": {
     "assert-plus": "^1.0.0",
-    "jsprim": "^1.2.2",
+    "jsprim": "^2.0.2",
     "sshpk": "^1.14.1"
   },
   "devDependencies": {