fix(deps): update dependency selfsigned to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
selfsigned	^3.0.1 → ^5.5.0

---

Release Notes

jfromaniello/selfsigned (selfsigned)

v5.5.0

Compare Source

v5.4.0

Compare Source

v5.2.0

Compare Source

v5.1.0

Compare Source

v5.0.0

Compare Source

🚀 Major Rewrite

Complete rewrite replacing node-forge with modern @peculiar/x509 and pkijs libraries.

✨ Added

• Native WebCrypto API support for better performance and security
• TypeScript examples in documentation
• Async/await support as the primary API
• Support for keyPair option to use existing keys
• Updated to use Node.js native crypto for all operations
• Separate selfsigned/pkcs7 module for tree-shakeable PKCS#7 support

💥 BREAKING CHANGES

1. Async-only API: The generate() function now returns a Promise. Synchronous generation has been removed.

   // Old (v4.x)
   const pems = selfsigned.generate(attrs, options);
   
   // New (v5.x)
   const pems = await selfsigned.generate(attrs, options);

2. No callback support: Callbacks have been completely removed in favor of Promises.

   // Old (v4.x)
   selfsigned.generate(attrs, options, function(err, pems) { ... });
   
   // New (v5.x)
   const pems = await selfsigned.generate(attrs, options);

3. Minimum Node.js version: Now requires Node.js >= 15.6.0 (was >= 10)

   • Required for native WebCrypto support

4. Dependencies changed:

   • ❌ Removed: node-forge (1.64 MB)
   • ✅ Added: @peculiar/x509 (551 KB) - 66% smaller!
   • ✅ Added: pkijs (1.94 MB, only for PKCS#7 support)
   • Bundle size reduced by 66% when not using PKCS#7

5. PKCS#7 API changed:

   • Old: const pems = await generate(attrs, { pkcs7: true }); pems.pkcs7
   • New: const { createPkcs7 } = require('selfsigned/pkcs7'); const pkcs7 = createPkcs7(pems.cert);
   • PKCS#7 is now a separate module for better tree-shaking

🔧 Changed

• Default key size remains 2048 bits (was incorrectly documented as 1024)
• PEM output uses \n line endings (was \r\n)
• Private keys now use PKCS#8 format (BEGIN PRIVATE KEY instead of BEGIN RSA PRIVATE KEY)
• Certificate generation is now fully async using native WebCrypto
• PKCS#7 is now tree-shakeable: Moved to separate selfsigned/pkcs7 module so bundlers can exclude it when not used

🐛 Fixed

• Default key size documentation corrected from 1024 to 2048 bits
• Improved error handling for certificate generation failures

📦 Dependencies

Removed:

• node-forge@^1.3.1
• @types/node-forge@^1.3.0

Added:

• @peculiar/x509@​^1.14.2 (required)
• pkijs@^3.3.3 (required, but tree-shakeable via separate selfsigned/pkcs7 module)

🔒 Security

• Now uses Node.js native WebCrypto API instead of JavaScript implementation
• Better integration with platform security features
• More secure random number generation

📚 Documentation

• Complete README rewrite with async/await examples
• Added migration guide from v4.x to v5.x
• Updated all code examples to use async/await
• Added requirements section highlighting Node.js version requirement

---

v4.0.1

Compare Source

v4.0.0

Compare Source

See git history for changes in 4.x and earlier versions.

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 5.x releases. But if you manually upgrade to 5.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.