Conversation
…or port 8017. Add a second error message for test using SSL to confirm error when connecting to non-SSL REST service. Message probably changed for ML12 (not sure, but error message in test does not work).
MLE-24312: fix ssl tests
…by default load of FIPS-forbidden MD5 digest algorithm. Incorporate the source from the abandoned www-authenticate project and fix in place.
MLE-24397 - fix issue on Linux FIPS reported by consultant/customer a…
…n another commit.. Delete and re-add existing www-authenticate files to www-authenticate-patched. Change path for require for requester and tests. Changes to www-authenticate will be in subsequent commit, for tracking
…eption on FIPS-enabled systems when the www-authenticate module is loaded via require. The MD5 digester functions are already created on demand when using DIGEST authentication. Use Buffer.from rather than deprecated new Buffer constructor form. Move the Parser_Authenticate_Info prototype statement to after the definition of the function. Add copyright to all the files.
MLE-24397 - fix reported issue on Linux FIPS around exception caused by default load of FIPS-forbidden MD5 digest algorithm. Incorporate the source from the abandoned www-authenticate project and fix in place.
…tements, unused variables, and move return note_error line outside of the for loop, which was probably intended.
MLE-123456 - polaris fixes: remove unreachable break and continue sta…
anu3990
requested review from
BillFarber,
rjrudin and
stevebio
as code owners
There was a problem hiding this comment.
Pull Request Overview
A patch release (version 3.7.1) that addresses FIPS compliance by replacing the www-authenticate npm dependency with a patched local version to avoid MD5 hashing issues.
- Added patched local version of www-authenticate module to avoid FIPS MD5 compliance issues
- Updated test infrastructure to support port range expansion and better error handling
- Added FIPS-specific test to verify MD5 hash digester is not loaded by default
Reviewed Changes
Copilot reviewed 12 out of 13 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Version bump to 3.7.1, removed www-authenticate dependency, added tmp dev dependency |
| lib/requester.js | Updated import to use local patched www-authenticate module |
| lib/www-authenticate-patched/*.js | Added patched www-authenticate module files for FIPS compliance |
| test-basic/digestauth-fips-nomd5load.js | Added FIPS test to verify MD5 digester is not loaded on require |
| test-complete/nodejs-optic-from-sparql.js | Refactored version-specific logic for server configuration handling |
| test-basic/client.js | Enhanced error message matching for HTTPS/HTTP protocol mismatch |
| test-app/docker-compose*.yaml | Expanded port range from 8016 to 8017 |
| CHANGELOG.md | Added changelog entry for version 3.7.1 |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
rjrudin
approved these changes
Sep 25, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.