fix: security upgrade node-forge from 1.2.1 to 1.3.0 (#101)

snyk-bot · web-flow · commit a713a2b68663 · 2022-03-27T14:30:28.000+02:00
diff --git a/lib/credentials/certificate/parsePkcs12.js b/lib/credentials/certificate/parsePkcs12.js
@@ -21,9 +21,9 @@ function apnCredentialsFromPkcs12(p12Data, passphrase) {
     return undefined;
   }
 
-  const asn1 = forge.asn1.fromDer(p12Data.toString('binary'), false);
   let pkcs12;
   try {
+    const asn1 = forge.asn1.fromDer(p12Data.toString('binary'), false);
     pkcs12 = decryptPkcs12FromAsn1(asn1, passphrase);
   } catch (e) {
     if (e.message.match('Invalid password')) {
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -20,7 +20,7 @@
   "dependencies": {
     "debug": "4.3.3",
     "jsonwebtoken": "8.5.1",
-    "node-forge": "1.2.1",
+    "node-forge": "1.3.0",
     "verror": "1.10.1"
   },
   "devDependencies": {
