Update dependency node-forge to v1.4.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
node-forge	1.3.3 → 1.4.0

---

Release Notes

digitalbazaar/forge (node-forge)

v1.4.0

Compare Source

Security

• HIGH: Denial of Service in BigInteger.modInverse()
  • A Denial of Service (DoS) vulnerability exists due to an infinite loop in
    the BigInteger.modInverse() function (inherited from the bundled jsbn
    library). When modInverse() is called with a zero value as input, the
    internal Extended Euclidean Algorithm enters an unreachable exit condition,
    causing the process to hang indefinitely and consume 100% CPU.
  • Reported by Kr0emer.
  • CVE ID: CVE-2026-33891
  • GHSA ID: GHSA-5gfm-wpxj-wjgq
• HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
  • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low
    public exponent keys (e=3). Attackers can forge signatures by stuffing
    "garbage" bytes within the ASN.1 structure in order to construct a
    signature that passes verification, enabling Bleichenbacher style forgery.
    This issue is similar to CVE-2022-24771, but adds bytes in an addition
    field within the ASN.1 structure, rather than outside of it.
  • Additionally, forge does not validate that signatures include a minimum of
    8 bytes of padding as defined by the specification, providing attackers
    additional space to construct Bleichenbacher forgeries.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33894
  • GHSA ID: GHSA-ppp5-5v6c-4jwp
• HIGH: Signature forgery in Ed25519 due to missing S < L check.
  • Ed25519 signature verification accepts forged non-canonical signatures
    where the scalar S is not reduced modulo the group order (S >= L). A valid
    signature and its S + L variant both verify in forge, while Node.js
    crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the
    specification. This class of signature malleability has been exploited in
    practice to bypass authentication and authorization logic (see
    CVE-2026-25793, CVE-2022-35961). Applications relying on signature
    uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object
    canonicalization checks) may be bypassed.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33895
  • GHSA ID: GHSA-q67f-28xg-22rw
• HIGH: basicConstraints bypass in certificate chain verification.
  • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints
    requirements when an intermediate certificate lacks both the
    basicConstraints and keyUsage extensions. This allows any leaf
    certificate (without these extensions) to act as a CA and sign other
    certificates, which node-forge will accept as valid.
  • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
  • CVE ID: CVE-2026-33896
  • GHSA ID: GHSA-2328-f5f3-gj25

Added

• [oid] Added requested OID:
  • 2.5.4.65 / pseudonym

Changed

• [jsbn] Update to jsbn 1.4. Sync partly back to original style for easier
  updates every decade or so.

Fixed

• [jsbn] Fix BigInteger.modInverse to avoid an infinite loop and exit early
  with zero when the target object value is <= 0. Zero may not be strictly
  mathematically correct but aligns with current jsbn behavior returning zero
  in other situations. The alternate of a RangeError would diverge from the
  rest of the API.
• [rsa] Fix padding length check according to RFC 2313 8.1 note 6. Padding is
  required to be eight octets for block types 1 and 2.
• [rsa] Fix RFC 8017 DigestInfo parsing to require a sequence length of two.
• [ed25519] Add canonical signature scaler check for S < L.
• [x590] Add chain verification check for absent basicConstraints on non-leaf
  certificates.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.