cyberchef 10.24.0 → 11.1.0

package/.devcontainer/devcontainer.json

@@ -3,7 +3,7 @@
 {
 	"name": "CyberChef",
 	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
-	"image": "mcr.microsoft.com/devcontainers/javascript-node:1-18-bookworm",
+	"image": "mcr.microsoft.com/devcontainers/javascript-node:24-trixie",
 
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	"features": {

package/.nvmrc

@@ -1 +1 @@
-18
+24

package/CHANGELOG.md

@@ -13,6 +13,91 @@ All major and minor version changes will be documented in this file. Details of
 
 ## Details
 
+### [11.1.0] - 2026-06-13
+This release includes a security fix ([#2557])
+- Security: Add fix, and tests, for Lorem Ipsum DoS issue [@GCHQDeveloper581] | [#2557]
+- chore (deps): bump the patch-updates group with 4 updates  | [#2552]
+- chore (deps): bump the actions-dependencies group with 2 updates  | [#2551]
+- chore (deps): bump the docker-dependencies group with 2 updates  | [#2550]
+- chore (deps): bump protobufjs from 8.5.0 to 8.6.2 in the minor-updates group  | [#2553]
+- Security Policy Update [@C85297] | [#2547]
+- Fix spurious error messages generated during webpack build [@GCHQDeveloper581] | [#2545]
+- chore (deps): bump shell-quote from 1.8.3 to 1.8.4  | [#2543]
+- Implementing ROR13 feature [@Fufu-btw] | [#2539]
+- New operation improvements [@jl5193] [@GCHQDeveloper581] | [#1431]
+- Npm and yarn/major version updates [@GCHQDeveloper581] | [#2527]
+- Update README to reflect AES Decrypt changes [@andreasrtv] | [#2502]
+- feat: add Escape Smart Characters operation [@HarelKatz] | [#2391]
+- feat: Get AES IV from input (QoL) [@andreasrtv] | [#2471]
+- fix: validate text encoding options [@SyedIshmumAhnaf] | [#2497]
+- chore (deps): bump the minor-updates group with 5 updates [@GCHQDeveloper581] | [#2500]
+- chore (deps): bump the patch-updates group with 2 updates  | [#2499]
+- chore (deps): bump nginxinc/nginx-unprivileged from `df0e9ed` to `0a1e718` in the docker-dependencies group  | [#2498]
+- Add remove ANSI escape codes operation [@Louis-Ladd] [@GCHQDeveloper581] | [#2143]
+- Fix option ingredients being overwriten [@C85297] | [#2341]
+- chore (deps): bump qs and express  | [#2478]
+- chore (deps): bump tmp from 0.2.5 to 0.2.7  | [#2479]
+- chore (deps): bump the patch-updates group across 1 directory with 6 updates  | [#2463]
+- chore (deps): bump the docker-dependencies group across 1 directory with 2 updates  | [#2468]
+- chore (deps): bump terser from 5.46.2 to 5.48.0  | [#2385]
+- Make dependabot quieter [@GCHQDeveloper581] | [#2467]
+- update sitemap [@Blank0120] | [#2443]
+- Bump webpack-dev-server to 5.2.4 [@GCHQDeveloper581] | [#2417]
+- Fix pgp tests [@GCHQDeveloper581] [@C85297] | [#2461]
+- chore (deps): bump the patch-updates group across 1 directory with 4 updates  | [#2438]
+- chore (deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0  | [#2439]
+- chore (deps): bump docker/login-action from 4.1.0 to 4.2.0  | [#2441]
+- chore (deps): bump docker/metadata-action from 6.0.0 to 6.1.0  | [#2442]
+- update bson [@Blank0120] [@GCHQDeveloper581] | [#2425]
+- chore (deps): bump webpack from 5.106.2 to 5.107.1  | [#2428]
+- chore (deps): bump protobufjs from 7.5.8 to 7.6.0  | [#2429]
+- chore (deps): bump sql-formatter from 15.7.4 to 15.8.0  | [#2430]
+- chore (deps): bump docker/build-push-action from 7.1.0 to 7.2.0  | [#2431]
+- Fix flaky `npm run testui` [@lzandman] | [#2412]
+- Include git ref in website download zip name [@C85297] | [#2339]
+- Bump nginxinc/nginx-unprivileged from `808f784` to `b9f7ba1`  | [#2389]
+- Series Chart HTML Formatting fix [@C85297] | [#2403]
+- Parse Ethernet Frame HTML formatting fix [@C85297] | [#2402]
+- Parse IPv4 Header HTML formatting fix [@C85297] | [#2401]
+- Update chromedriver, and install corresponding chrome in workflows (fixes build) [@GCHQDeveloper581] | [#2387]
+- chore (deps): bump @codemirror/view from 6.41.1 to 6.43.0  | [#2384]
+- chore (deps): bump globals from 17.5.0 to 17.6.0  | [#2386]
+- chore (deps): bump the patch-updates group across 1 directory with 3 updates  | [#2388]
+- [StepSecurity] Apply security best practices [@GCHQDeveloper581] StepSecurity Bot <bot@stepsecurity.io> | [#2378]
+- Build docker container for arm v7 as well [@GCHQDeveloper581] | [#2379]
+- chore (deps): bump fast-uri from 3.1.0 to 3.1.2  | [#2372]
+- update bcryptjs [@C85297] [@GCHQDeveloper581] | [#2368]
+- chore (deps): bump picomatch from 2.3.1 to 2.3.2  | [#2370]
+- chore (deps): bump ip-address from 10.1.0 to 10.2.0  | [#2371]
+- chore (deps): bump axios from 1.15.0 to 1.16.0  | [#2369]
+- feat(operation-wrap): add new Wrap operation to format text at specified line width [@0xff1ce] | [#1882]
+- chore (deps): bump the patch-updates group across 1 directory with 5 updates  | [#2354]
+- chore (deps): bump docker/login-action from 3 to 4  | [#2363]
+- chore (deps): bump docker/setup-buildx-action from 3 to 4  | [#2364]
+- chore (deps): bump crazy-max/ghaction-github-pages from 3 to 5  | [#2365]
+- chore (deps): bump docker/metadata-action from 4 to 6  | [#2366]
+- chore (deps): bump docker/setup-qemu-action from 3 to 4  | [#2367]
+- Update dependabot for Node 24. [@GCHQDeveloper581] | [#2361]
+- chore (deps): bump uuid from 13.0.0 to 14.0.0  | [#2332]
+- chore (deps): bump webpack-bundle-analyzer from 5.2.0 to 5.3.0  | [#2353]
+- Fix all zeros after 16384 bytes with Blake3 [@zachbowden] [@GCHQDeveloper581] | [#2351]
+
+## [11.0.0] - 2026-04-28
+- Revert sitemap to v8.0.X to fix build/deploy on master [@GCHQDeveloper581] | [#2348]
+- Node version update from 22 to 24 [@lzandman] [@GCHQDeveloper581] | [#2347]
+- Fix XSS in Show Base64 offsets [@C85297] | [#2346]
+- Make compatible with node >=22 [@GCHQDeveloper581] | [#2273]
+- Fix(node): enable asynchronous operation support in Node.js API [@engin0223] [@GCHQDeveloper581] | [#2342]
+- Feature: Change to nginx-unprivileged image for better kubernetes support [@hsolberg] | [#1922]
+
+Breaking changes:
+- Minimum supported node version - now v24 (was v16)
+- Change of exported port on Docker Container - now 8080 (was 80)
+- Node API now exports "bake" and "execute" functions as async.
+
+<details>
+    <summary>Click to expand v10 minor versions</summary>
+
 ### [10.24.0] - 2026-04-27
 - Update CONTRIBUTING.md [@GCHQDeveloper581] | [#2333]
 - Fix, and link, Fernet tests [@GCHQDeveloper581] | [#2335]
@@ -277,6 +362,8 @@ All major and minor version changes will be documented in this file. Details of
 - Added 'Levenshtein Distance' operation [@mikecat] | [#1498]
 - Added 'Swap case' operation [@mikecat] | [#1499]
 
+</details>
+
 ## [10.0.0] - 2023-03-22
 - [Full details explained here](https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features)
 - Status bars added to the Input and Output [@n1474335] | [#1405]
@@ -620,6 +707,8 @@ All major and minor version changes will be documented in this file. Details of
 ## [4.0.0] - 2016-11-28
 -  Initial open source commit [@n1474335] | [b1d73a72](https://github.com/gchq/CyberChef/commit/b1d73a725dc7ab9fb7eb789296efd2b7e4b08306)
 
+[11.1.0]: https://github.com/gchq/CyberChef/releases/tag/v11.1.0
+[11.0.0]: https://github.com/gchq/CyberChef/releases/tag/v11.0.0
 [10.24.0]: https://github.com/gchq/CyberChef/releases/tag/v10.24.0
 [10.23.0]: https://github.com/gchq/CyberChef/releases/tag/v10.23.0
 [10.22.0]: https://github.com/gchq/CyberChef/releases/tag/v10.22.0
@@ -901,6 +990,17 @@ All major and minor version changes will be documented in this file. Details of
 [@BjoernAkAManf]: https://github.com/BjoernAkAManf
 [@ko80240]: https://github.com/ko80240
 [@BigYellowHammer]: https://github.com/BigYellowHammer
+[@hsolberg]: https://github.com/hsolberg
+[@lzandman]: https://github.com/lzandman
+[@engin0223]: https://github.com/engin0223
+[@Fufu-btw]: https://github.com/Fufu-btw
+[@jl5193]: https://github.com/jl5193
+[@andreasrtv]: https://github.com/andreasrtv
+[@HarelKatz]: https://github.com/HarelKatz
+[@SyedIshmumAhnaf]: https://github.com/SyedIshmumAhnaf
+[@Louis-Ladd]: https://github.com/Louis-Ladd
+[@Blank0120]: https://github.com/Blank0120
+[@zachbowden]: https://github.com/zachbowden
 
 
 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
@@ -1192,4 +1292,76 @@ All major and minor version changes will be documented in this file. Details of
 [#2315]: https://github.com/gchq/CyberChef/pull/2315
 [#2313]: https://github.com/gchq/CyberChef/pull/2313
 [#2311]: https://github.com/gchq/CyberChef/pull/2311
+[#2348]: https://github.com/gchq/CyberChef/pull/2348
+[#2347]: https://github.com/gchq/CyberChef/pull/2347
+[#2346]: https://github.com/gchq/CyberChef/pull/2346
+[#2273]: https://github.com/gchq/CyberChef/pull/2273
+[#2342]: https://github.com/gchq/CyberChef/pull/2342
+[#1922]: https://github.com/gchq/CyberChef/pull/1922
+[#2557]: https://github.com/gchq/CyberChef/pull/2557
+[#2552]: https://github.com/gchq/CyberChef/pull/2552
+[#2551]: https://github.com/gchq/CyberChef/pull/2551
+[#2550]: https://github.com/gchq/CyberChef/pull/2550
+[#2553]: https://github.com/gchq/CyberChef/pull/2553
+[#2547]: https://github.com/gchq/CyberChef/pull/2547
+[#2545]: https://github.com/gchq/CyberChef/pull/2545
+[#2543]: https://github.com/gchq/CyberChef/pull/2543
+[#2539]: https://github.com/gchq/CyberChef/pull/2539
+[#1431]: https://github.com/gchq/CyberChef/pull/1431
+[#2527]: https://github.com/gchq/CyberChef/pull/2527
+[#2502]: https://github.com/gchq/CyberChef/pull/2502
+[#2391]: https://github.com/gchq/CyberChef/pull/2391
+[#2471]: https://github.com/gchq/CyberChef/pull/2471
+[#2497]: https://github.com/gchq/CyberChef/pull/2497
+[#2500]: https://github.com/gchq/CyberChef/pull/2500
+[#2499]: https://github.com/gchq/CyberChef/pull/2499
+[#2498]: https://github.com/gchq/CyberChef/pull/2498
+[#2143]: https://github.com/gchq/CyberChef/pull/2143
+[#2341]: https://github.com/gchq/CyberChef/pull/2341
+[#2478]: https://github.com/gchq/CyberChef/pull/2478
+[#2479]: https://github.com/gchq/CyberChef/pull/2479
+[#2463]: https://github.com/gchq/CyberChef/pull/2463
+[#2468]: https://github.com/gchq/CyberChef/pull/2468
+[#2385]: https://github.com/gchq/CyberChef/pull/2385
+[#2467]: https://github.com/gchq/CyberChef/pull/2467
+[#2443]: https://github.com/gchq/CyberChef/pull/2443
+[#2417]: https://github.com/gchq/CyberChef/pull/2417
+[#2461]: https://github.com/gchq/CyberChef/pull/2461
+[#2438]: https://github.com/gchq/CyberChef/pull/2438
+[#2439]: https://github.com/gchq/CyberChef/pull/2439
+[#2441]: https://github.com/gchq/CyberChef/pull/2441
+[#2442]: https://github.com/gchq/CyberChef/pull/2442
+[#2425]: https://github.com/gchq/CyberChef/pull/2425
+[#2428]: https://github.com/gchq/CyberChef/pull/2428
+[#2429]: https://github.com/gchq/CyberChef/pull/2429
+[#2430]: https://github.com/gchq/CyberChef/pull/2430
+[#2431]: https://github.com/gchq/CyberChef/pull/2431
+[#2412]: https://github.com/gchq/CyberChef/pull/2412
+[#2339]: https://github.com/gchq/CyberChef/pull/2339
+[#2389]: https://github.com/gchq/CyberChef/pull/2389
+[#2403]: https://github.com/gchq/CyberChef/pull/2403
+[#2402]: https://github.com/gchq/CyberChef/pull/2402
+[#2401]: https://github.com/gchq/CyberChef/pull/2401
+[#2387]: https://github.com/gchq/CyberChef/pull/2387
+[#2384]: https://github.com/gchq/CyberChef/pull/2384
+[#2386]: https://github.com/gchq/CyberChef/pull/2386
+[#2388]: https://github.com/gchq/CyberChef/pull/2388
+[#2378]: https://github.com/gchq/CyberChef/pull/2378
+[#2379]: https://github.com/gchq/CyberChef/pull/2379
+[#2372]: https://github.com/gchq/CyberChef/pull/2372
+[#2368]: https://github.com/gchq/CyberChef/pull/2368
+[#2370]: https://github.com/gchq/CyberChef/pull/2370
+[#2371]: https://github.com/gchq/CyberChef/pull/2371
+[#2369]: https://github.com/gchq/CyberChef/pull/2369
+[#1882]: https://github.com/gchq/CyberChef/pull/1882
+[#2354]: https://github.com/gchq/CyberChef/pull/2354
+[#2363]: https://github.com/gchq/CyberChef/pull/2363
+[#2364]: https://github.com/gchq/CyberChef/pull/2364
+[#2365]: https://github.com/gchq/CyberChef/pull/2365
+[#2366]: https://github.com/gchq/CyberChef/pull/2366
+[#2367]: https://github.com/gchq/CyberChef/pull/2367
+[#2361]: https://github.com/gchq/CyberChef/pull/2361
+[#2332]: https://github.com/gchq/CyberChef/pull/2332
+[#2353]: https://github.com/gchq/CyberChef/pull/2353
+[#2351]: https://github.com/gchq/CyberChef/pull/2351
 

package/Dockerfile

@@ -4,7 +4,7 @@
 # Modifier --platform=$BUILDPLATFORM limits the platform to "BUILDPLATFORM" during buildx multi-platform builds
 # This is because npm "chromedriver" package is not compatiable with all platforms
 # For more info see: https://docs.docker.com/build/building/multi-platform/#cross-compilation
-FROM --platform=$BUILDPLATFORM node:18-alpine AS builder
+FROM --platform=$BUILDPLATFORM node:24-alpine@sha256:fb71d01345f11b708a3553c66e7c74074f2d506400ea81973343d915cb64eef0 AS builder
 
 WORKDIR /app
 
@@ -27,7 +27,7 @@ RUN npm run build
 #########################################
 # Package static build files into nginx #
 #########################################
-FROM nginx:stable-alpine AS cyberchef
+FROM nginxinc/nginx-unprivileged:stable-alpine@sha256:37f356a5eba5d187365b4f59cd6cc29f1f922ad18146d554b576a80983377e6a AS cyberchef
 
 LABEL maintainer="GCHQ <oss@gchq.gov.uk>"
 

package/Gruntfile.js

@@ -6,7 +6,7 @@ const BundleAnalyzerPlugin = require("webpack-bundle-analyzer").BundleAnalyzerPl
 const glob = require("glob");
 const path = require("path");
 
-const nodeFlags = "--experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-warnings --no-deprecation";
+const nodeFlags = "--no-warnings --no-deprecation";
 
 /**
  * Grunt configuration for building the app in various formats.
@@ -89,6 +89,8 @@ module.exports = function (grunt) {
     const compileYear = grunt.template.today("UTC:yyyy"),
         compileTime = grunt.template.today("UTC:dd/mm/yyyy HH:MM:ss") + " UTC",
         pkg = grunt.file.readJSON("package.json"),
+        version = process.env.GITHUB_SHA || `v${pkg.version}`,
+        downloadZipFilename = `CyberChef_${version}.zip`,
         webpackConfig = require("./webpack.config.js"),
         BUILD_CONSTANTS = {
             COMPILE_YEAR: JSON.stringify(compileYear),
@@ -129,7 +131,9 @@ module.exports = function (grunt) {
                         chunks: ["main"],
                         compileYear: compileYear,
                         compileTime: compileTime,
-                        version: pkg.version,
+                        version: version,
+                        latestReleaseVersion: pkg.version,
+                        downloadZipFilename: downloadZipFilename,
                         minify: {
                             removeComments: true,
                             collapseWhitespace: true,
@@ -140,7 +144,8 @@ module.exports = function (grunt) {
                     new BundleAnalyzerPlugin({
                         analyzerMode: "static",
                         reportFilename: "BundleAnalyzerReport.html",
-                        openAnalyzer: false
+                        openAnalyzer: false,
+                        excludeAssets: /.*Worker.js/
                     }),
                 ]
             };
@@ -245,7 +250,7 @@ module.exports = function (grunt) {
                     "!build/prod/index.html",
                     "!build/prod/BundleAnalyzerReport.html",
                 ],
-                dest: `build/prod/CyberChef_v${pkg.version}.zip`
+                dest: `build/prod/${downloadZipFilename}`
             }
         },
         connect: {
@@ -333,12 +338,12 @@ module.exports = function (grunt) {
                     switch (process.platform) {
                         case "darwin":
                             return chainCommands([
-                                `shasum -a 256 build/prod/CyberChef_v${pkg.version}.zip | awk '{print $1;}' > build/prod/sha256digest.txt`,
+                                `shasum -a 256 build/prod/${downloadZipFilename} | awk '{print $1;}' > build/prod/sha256digest.txt`,
                                 `sed -i '' -e "s/DOWNLOAD_HASH_PLACEHOLDER/$(cat build/prod/sha256digest.txt)/" build/prod/index.html`
                             ]);
                         default:
                             return chainCommands([
-                                `sha256sum build/prod/CyberChef_v${pkg.version}.zip | awk '{print $1;}' > build/prod/sha256digest.txt`,
+                                `sha256sum build/prod/${downloadZipFilename} | awk '{print $1;}' > build/prod/sha256digest.txt`,
                                 `sed -i -e "s/DOWNLOAD_HASH_PLACEHOLDER/$(cat build/prod/sha256digest.txt)/" build/prod/index.html`
                             ]);
                     }

package/README.md

@@ -36,7 +36,7 @@ docker build --tag cyberchef --ulimit nofile=10000 .
 ```
 2. Run the docker container
 ```bash
-docker run -it -p 8080:80 cyberchef
+docker run -it -p 8080:8080 cyberchef
 ```
 3. Navigate to `http://localhost:8080` in your browser
 
@@ -45,7 +45,7 @@ docker run -it -p 8080:80 cyberchef
 If you prefer to skip the build process, you can use the pre-built image
 
 ```bash
-docker run -it -p 8080:80 ghcr.io/gchq/cyberchef:latest
+docker run -it -p 8080:8080 ghcr.io/gchq/cyberchef:latest
 ```
 
 Just like before, navigate to `http://localhost:8080` in your browser.
@@ -72,6 +72,7 @@ You can use as many operations as you like in simple or complex ways. Some examp
  - [Carry out different operations on data of different types][8]
  - [Use parts of the input as arguments to operations][9]
  - [Perform AES decryption, extracting the IV from the beginning of the cipher stream][10]
+ - [A simpler way to perform the same AES Decryption][13]
  - [Automagically detect several layers of nested encoding][12]
 
 
@@ -120,7 +121,7 @@ CyberChef is built to support
 
 ## Node.js support
 
-CyberChef is built to fully support Node.js `v16`. For more information, see the ["Node API" wiki page](https://github.com/gchq/CyberChef/wiki/Node-API)
+CyberChef is built to fully support Node.js `v24`. For more information, see the ["Node API" wiki page](https://github.com/gchq/CyberChef/wiki/Node-API)
 
 
 ## Contributing
@@ -147,6 +148,7 @@ CyberChef is released under the [Apache 2.0 Licence](https://www.apache.org/lice
   [7]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)From_UNIX_Timestamp('Seconds%20(s)')&input=OTc4MzQ2ODAwCjEwMTI2NTEyMDAKMTA0NjY5NjQwMAoxMDgxMDg3MjAwCjExMTUzMDUyMDAKMTE0OTYwOTYwMA
   [8]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',false,'base64',10)To_Hex('Space')Return()Label('base64')To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA
   [9]: https://gchq.github.io/CyberChef/#recipe=Register('key%3D(%5B%5C%5Cda-f%5D*)',true,false)Find_/_Replace(%7B'option':'Regex','string':'.*data%3D(.*)'%7D,'$1',true,false,true)RC4(%7B'option':'Hex','string':'$R0'%7D,'Hex','Latin1')&input=aHR0cDovL21hbHdhcmV6LmJpei9iZWFjb24ucGhwP2tleT0wZTkzMmE1YyZkYXRhPThkYjdkNWViZTM4NjYzYTU0ZWNiYjMzNGUzZGIxMQ
-  [10]: https://gchq.github.io/CyberChef/#recipe=Register('(.%7B32%7D)',true,false)Drop_bytes(0,32,false)AES_Decrypt(%7B'option':'Hex','string':'1748e7179bd56570d51fa4ba287cc3e5'%7D,%7B'option':'Hex','string':'$R0'%7D,'CTR','Hex','Raw',%7B'option':'Hex','string':''%7D)&input=NTFlMjAxZDQ2MzY5OGVmNWY3MTdmNzFmNWI0NzEyYWYyMGJlNjc0YjNiZmY1M2QzODU0NjM5NmVlNjFkYWFjNDkwOGUzMTljYTNmY2Y3MDg5YmZiNmIzOGVhOTllNzgxZDI2ZTU3N2JhOWRkNmYzMTFhMzk0MjBiODk3OGU5MzAxNGIwNDJkNDQ3MjZjYWVkZjU0MzZlYWY2NTI0MjljMGRmOTRiNTIxNjc2YzdjMmNlODEyMDk3YzI3NzI3M2M3YzcyY2Q4OWFlYzhkOWZiNGEyNzU4NmNjZjZhYTBhZWUyMjRjMzRiYTNiZmRmN2FlYjFkZGQ0Nzc2MjJiOTFlNzJjOWU3MDlhYjYwZjhkYWY3MzFlYzBjYzg1Y2UwZjc0NmZmMTU1NGE1YTNlYzI5MWNhNDBmOWU2MjlhODcyNTkyZDk4OGZkZDgzNDUzNGFiYTc5YzFhZDE2NzY3NjlhN2MwMTBiZjA0NzM5ZWNkYjY1ZDk1MzAyMzcxZDYyOWQ5ZTM3ZTdiNGEzNjFkYTQ2OGYxZWQ1MzU4OTIyZDJlYTc1MmRkMTFjMzY2ZjMwMTdiMTRhYTAxMWQyYWYwM2M0NGY5NTU3OTA5OGExNWUzY2Y5YjQ0ODZmOGZmZTljMjM5ZjM0ZGU3MTUxZjZjYTY1MDBmZTRiODUwYzNmMWMwMmU4MDFjYWYzYTI0NDY0NjE0ZTQyODAxNjE1YjhmZmFhMDdhYzgyNTE0OTNmZmRhN2RlNWRkZjMzNjg4ODBjMmI5NWIwMzBmNDFmOGYxNTA2NmFkZDA3MWE2NmNmNjBlNWY0NmYzYTIzMGQzOTdiNjUyOTYzYTIxYTUzZg
+  [10]: https://gchq.github.io/CyberChef/#recipe=Register('(.%7B32%7D)',true,false,false)Drop_bytes(0,32,false)AES_Decrypt(%7B'option':'Hex','string':'1748e7179bd56570d51fa4ba287cc3e5'%7D,%7B'option':'Hex','string':'$R0'%7D,16,'CTR','Hex','Raw',%7B'option':'Hex','string':''%7D,%7B'option':'Hex','string':''%7D,'Off')&input=NTFlMjAxZDQ2MzY5OGVmNWY3MTdmNzFmNWI0NzEyYWYyMGJlNjc0YjNiZmY1M2QzODU0NjM5NmVlNjFkYWFjNDkwOGUzMTljYTNmY2Y3MDg5YmZiNmIzOGVhOTllNzgxZDI2ZTU3N2JhOWRkNmYzMTFhMzk0MjBiODk3OGU5MzAxNGIwNDJkNDQ3MjZjYWVkZjU0MzZlYWY2NTI0MjljMGRmOTRiNTIxNjc2YzdjMmNlODEyMDk3YzI3NzI3M2M3YzcyY2Q4OWFlYzhkOWZiNGEyNzU4NmNjZjZhYTBhZWUyMjRjMzRiYTNiZmRmN2FlYjFkZGQ0Nzc2MjJiOTFlNzJjOWU3MDlhYjYwZjhkYWY3MzFlYzBjYzg1Y2UwZjc0NmZmMTU1NGE1YTNlYzI5MWNhNDBmOWU2MjlhODcyNTkyZDk4OGZkZDgzNDUzNGFiYTc5YzFhZDE2NzY3NjlhN2MwMTBiZjA0NzM5ZWNkYjY1ZDk1MzAyMzcxZDYyOWQ5ZTM3ZTdiNGEzNjFkYTQ2OGYxZWQ1MzU4OTIyZDJlYTc1MmRkMTFjMzY2ZjMwMTdiMTRhYTAxMWQyYWYwM2M0NGY5NTU3OTA5OGExNWUzY2Y5YjQ0ODZmOGZmZTljMjM5ZjM0ZGU3MTUxZjZjYTY1MDBmZTRiODUwYzNmMWMwMmU4MDFjYWYzYTI0NDY0NjE0ZTQyODAxNjE1YjhmZmFhMDdhYzgyNTE0OTNmZmRhN2RlNWRkZjMzNjg4ODBjMmI5NWIwMzBmNDFmOGYxNTA2NmFkZDA3MWE2NmNmNjBlNWY0NmYzYTIzMGQzOTdiNjUyOTYzYTIxYTUzZg
   [11]: https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':'3a'%7D,'Standard',false)To_Hexdump(16,false,false)&input=VGhlIGFuc3dlciB0byB0aGUgdWx0aW1hdGUgcXVlc3Rpb24gb2YgbGlmZSwgdGhlIFVuaXZlcnNlLCBhbmQgZXZlcnl0aGluZyBpcyA0Mi4
   [12]: https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false)&input=V1VhZ3dzaWFlNm1QOGdOdENDTFVGcENwQ0IyNlJtQkRvREQ4UGFjZEFtekF6QlZqa0syUXN0RlhhS2hwQzZpVVM3UkhxWHJKdEZpc29SU2dvSjR3aGptMWFybTg2NHFhTnE0UmNmVW1MSHJjc0FhWmM1VFhDWWlmTmRnUzgzZ0RlZWpHWDQ2Z2FpTXl1QlY2RXNrSHQxc2NnSjg4eDJ0TlNvdFFEd2JHWTFtbUNvYjJBUkdGdkNLWU5xaU45aXBNcTFaVTFtZ2tkYk51R2NiNzZhUnRZV2hDR1VjOGc5M1VKdWRoYjhodHNoZVpud1RwZ3FoeDgzU1ZKU1pYTVhVakpUMnptcEM3dVhXdHVtcW9rYmRTaTg4WXRrV0RBYzFUb291aDJvSDRENGRkbU5LSldVRHBNd21uZ1VtSzE0eHdtb21jY1BRRTloTTE3MkFQblNxd3hkS1ExNzJSa2NBc3lzbm1qNWdHdFJtVk5OaDJzMzU5d3I2bVMyUVJQ
+  [13]: https://gchq.github.io/CyberChef/#recipe=AES_Decrypt(%7B'option':'Hex','string':'1748e7179bd56570d51fa4ba287cc3e5'%7D,%7B'option':'Hex','string':'$R0'%7D,16,'CTR','Hex','Raw',%7B'option':'Hex','string':''%7D,%7B'option':'Hex','string':''%7D,'From%20start')&input=NTFlMjAxZDQ2MzY5OGVmNWY3MTdmNzFmNWI0NzEyYWYyMGJlNjc0YjNiZmY1M2QzODU0NjM5NmVlNjFkYWFjNDkwOGUzMTljYTNmY2Y3MDg5YmZiNmIzOGVhOTllNzgxZDI2ZTU3N2JhOWRkNmYzMTFhMzk0MjBiODk3OGU5MzAxNGIwNDJkNDQ3MjZjYWVkZjU0MzZlYWY2NTI0MjljMGRmOTRiNTIxNjc2YzdjMmNlODEyMDk3YzI3NzI3M2M3YzcyY2Q4OWFlYzhkOWZiNGEyNzU4NmNjZjZhYTBhZWUyMjRjMzRiYTNiZmRmN2FlYjFkZGQ0Nzc2MjJiOTFlNzJjOWU3MDlhYjYwZjhkYWY3MzFlYzBjYzg1Y2UwZjc0NmZmMTU1NGE1YTNlYzI5MWNhNDBmOWU2MjlhODcyNTkyZDk4OGZkZDgzNDUzNGFiYTc5YzFhZDE2NzY3NjlhN2MwMTBiZjA0NzM5ZWNkYjY1ZDk1MzAyMzcxZDYyOWQ5ZTM3ZTdiNGEzNjFkYTQ2OGYxZWQ1MzU4OTIyZDJlYTc1MmRkMTFjMzY2ZjMwMTdiMTRhYTAxMWQyYWYwM2M0NGY5NTU3OTA5OGExNWUzY2Y5YjQ0ODZmOGZmZTljMjM5ZjM0ZGU3MTUxZjZjYTY1MDBmZTRiODUwYzNmMWMwMmU4MDFjYWYzYTI0NDY0NjE0ZTQyODAxNjE1YjhmZmFhMDdhYzgyNTE0OTNmZmRhN2RlNWRkZjMzNjg4ODBjMmI5NWIwMzBmNDFmOGYxNTA2NmFkZDA3MWE2NmNmNjBlNWY0NmYzYTIzMGQzOTdiNjUyOTYzYTIxYTUzZg

package/SECURITY.md

@@ -2,25 +2,15 @@
 
 ## Supported Versions
 
-CyberChef is supported on a best endeavours basis. Patches will be applied to
-the latest version rather than retroactively to older versions. To ensure you
-are using the most secure version of CyberChef, please make sure you have the
-[latest release](https://github.com/gchq/CyberChef/releases/latest). The
-official [live demo](https://gchq.github.io/CyberChef/) is always up to date.
+CyberChef is supported on a best endeavours basis.
+Patches will be applied to the latest version rather than retroactively to older versions.
+To ensure you are using the most secure version of CyberChef, please make sure you have the [latest release](https://github.com/gchq/CyberChef/releases/latest). [The official website](https://gchq.github.io/CyberChef/) is always up to date.
 
 ## Reporting a Vulnerability
 
-In most scenarios, the most appropriate way to report a vulnerability is to
-[raise a new issue](https://github.com/gchq/CyberChef/issues/new/choose)
-describing the problem in as much detail as possible, ideally with examples.
-This will obviously be public. If you feel that the vulnerability is
-significant enough to warrant a private disclosure, please email
-[oss@gchq.gov.uk](mailto:oss@gchq.gov.uk) and
-[n1474335@gmail.com](mailto:n1474335@gmail.com).
+If you discover a vulnerability in CyberChef, please do not publicly disclose it, and do not create a GitHub issue.
 
-Disclosures of vulnerabilities in CyberChef are always welcomed. Whilst we aim
-to write clean and secure code free from bugs, we recognise that this is an open
-source project written by analysts in their spare time, relying on dozens of
-open source libraries that are modified and updated on a regular basis. We hope
-that the community will continue to support us as we endeavour to maintain and
-develop this tool together.
+Instead, send an email as soon as possible to [CyberChefSecurity@gchq.gov.uk](mailto:CyberChefSecurity@gchq.gov.uk).
+The report will be acknowledged and actioned urgently by the CyberChef maintainers.
+
+If you do not receive a timely acknowledgement, please notify [oss@gchq.gov.uk](mailto:oss@gchq.gov.uk) and [CyberChef@gchq.gov.uk](mailto:CyberChef@gchq.gov.uk) of your vulnerability report.

package/babel.config.js

@@ -16,6 +16,9 @@ module.exports = function(api) {
                     "regenerator": true
                 }
             ]
-        ]
+        ],
+        "generatorOpts": {
+            "importAttributesKeyword": "with"
+        }
     };
 };

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "cyberchef",
-  "version": "10.24.0",
+  "version": "11.1.0",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
-  "author": "n1474335 <n1474335@gmail.com>",
+  "author": "GCHQ <CyberChef@gchq.gov.uk>",
   "homepage": "https://gchq.github.io/CyberChef",
   "copyright": "Crown copyright 2016",
   "license": "Apache-2.0",
@@ -36,33 +36,34 @@
   "browserslist": [
     "Chrome >= 50",
     "Firefox >= 38",
-    "node >= 16"
+    "node >= 24"
   ],
   "devDependencies": {
-    "@babel/eslint-parser": "^7.28.6",
+    "@babel/eslint-parser": "^7.29.7",
     "@babel/plugin-syntax-import-assertions": "^7.28.6",
-    "@babel/plugin-transform-runtime": "^7.29.0",
-    "@babel/preset-env": "^7.29.2",
-    "@babel/runtime": "^7.29.2",
+    "@babel/plugin-transform-runtime": "^7.29.7",
+    "@babel/preset-env": "^7.29.7",
+    "@babel/runtime": "^7.29.7",
     "@codemirror/commands": "^6.10.3",
     "@codemirror/language": "^6.12.3",
     "@codemirror/search": "^6.7.0",
     "@codemirror/state": "^6.5.4",
-    "@codemirror/view": "^6.41.1",
+    "@codemirror/view": "^6.43.1",
+    "@puppeteer/browsers": "3.0.4",
     "autoprefixer": "^10.5.0",
     "babel-loader": "^10.1.1",
     "base64-loader": "^1.0.0",
-    "chromedriver": "^146.0.6",
+    "chromedriver": "^148.0.4",
     "cli-progress": "^3.12.0",
     "colors": "^1.4.0",
-    "compression-webpack-plugin": "^11.1.0",
-    "copy-webpack-plugin": "^13.0.1",
+    "compression-webpack-plugin": "^12.0.0",
+    "copy-webpack-plugin": "^14.0.0",
     "core-js": "^3.49.0",
-    "cspell": "^8.19.4",
-    "css-loader": "7.1.4",
+    "cspell": "^10.0.1",
+    "css-loader": "^7.1.4",
     "eslint": "^9.39.4",
     "eslint-plugin-jsdoc": "^50.8.0",
-    "globals": "^15.15.0",
+    "globals": "^17.6.0",
     "grunt": "^1.6.2",
     "grunt-chmod": "~1.1.1",
     "grunt-concurrent": "^3.0.0",
@@ -70,25 +71,25 @@
     "grunt-contrib-connect": "^5.0.1",
     "grunt-contrib-copy": "~1.0.0",
     "grunt-contrib-watch": "^1.1.0",
-    "grunt-eslint": "^25.0.0",
+    "grunt-eslint": "^26.0.0",
     "grunt-exec": "~3.0.0",
-    "grunt-webpack": "^6.0.0",
+    "grunt-webpack": "^8.0.0",
     "grunt-zip": "^1.0.0",
     "html-webpack-plugin": "^5.6.7",
     "imports-loader": "^5.0.0",
     "mini-css-extract-plugin": "2.10.2",
     "modify-source-webpack-plugin": "^4.1.0",
-    "nightwatch": "^3.15.0",
-    "postcss": "^8.5.10",
+    "nightwatch": "^3.16.0",
+    "postcss": "^8.5.15",
     "postcss-css-variables": "^0.19.0",
     "postcss-import": "^16.1.1",
     "postcss-loader": "^8.2.1",
     "prompt": "^1.3.0",
-    "sitemap": "^8.0.3",
-    "terser": "^5.46.2",
-    "webpack": "^5.106.2",
-    "webpack-bundle-analyzer": "^4.10.2",
-    "webpack-dev-server": "5.0.4",
+    "sitemap": "^9.0.1",
+    "terser": "^5.48.0",
+    "webpack": "^5.107.2",
+    "webpack-bundle-analyzer": "^5.3.0",
+    "webpack-dev-server": "^5.2.4",
     "webpack-node-externals": "^3.0.0",
     "worker-loader": "^3.0.8"
   },
@@ -96,22 +97,23 @@
     "@alexaltea/capstone-js": "^3.0.5",
     "@astronautlabs/amf": "^0.0.6",
     "@blu3r4y/lzma": "^2.3.3",
+    "@noble/hashes": "2.2.0",
     "@wavesenterprise/crypto-gost-js": "^2.1.0-RC1",
     "@xmldom/xmldom": "^0.8.13",
     "argon2-browser": "^1.18.0",
     "arrive": "^2.5.3",
     "assert": "^2.1.0",
     "avsc": "^5.7.9",
-    "bcryptjs": "^2.4.3",
-    "bignumber.js": "^9.3.1",
+    "bcryptjs": "^3.0.3",
+    "bignumber.js": "^11.1.3",
     "blakejs": "^1.2.1",
     "bootstrap": "4.6.2",
     "bootstrap-colorpicker": "^3.4.0",
     "bootstrap-material-design": "^4.1.3",
     "browserify-zlib": "^0.2.0",
-    "bson": "^4.7.2",
+    "bson": "^7.2.0",
     "buffer": "^6.0.3",
-    "cbor": "9.0.2",
+    "cbor": "10.0.12",
     "chi-squared": "^1.1.0",
     "codepage": "^1.15.0",
     "crypto-api": "^0.8.5",
@@ -120,8 +122,8 @@
     "ctph.js": "0.0.5",
     "d3": "7.9.0",
     "d3-hexbin": "^0.2.2",
-    "diff": "^5.2.2",
-    "dompurify": "^3.4.1",
+    "diff": "^9.0.0",
+    "dompurify": "^3.4.8",
     "es6-promisify": "^7.0.0",
     "escodegen": "^2.1.0",
     "esprima": "^4.0.1",
@@ -132,7 +134,6 @@
     "flat": "^6.0.1",
     "geodesy": "1.1.3",
     "handlebars": "^4.7.9",
-    "hash-wasm": "^4.12.0",
     "highlight.js": "^11.11.1",
     "ieee754": "^1.2.1",
     "jimp": "1.6.0",
@@ -141,7 +142,7 @@
     "js-sha3": "^0.9.3",
     "jsesc": "^3.1.0",
     "json5": "^2.2.3",
-    "jsonata": "^2.1.0",
+    "jsonata": "^2.2.1",
     "jsonpath-plus": "^10.4.0",
     "jsonwebtoken": "9.0.3",
     "jsqr": "^1.4.0",
@@ -154,9 +155,9 @@
     "loglevel-message-prefix": "^3.0.0",
     "lz-string": "^1.5.0",
     "lz4js": "^0.2.0",
-    "markdown-it": "^14.1.1",
+    "markdown-it": "^14.2.0",
     "moment": "^2.30.1",
-    "moment-timezone": "^0.6.1",
+    "moment-timezone": "^0.6.2",
     "ngeohash": "^0.6.3",
     "node-forge": "^1.4.0",
     "node-md6": "^0.1.0",
@@ -164,11 +165,12 @@
     "notepack.io": "^3.0.1",
     "ntlm": "^0.1.3",
     "nwmatcher": "^1.4.4",
-    "otpauth": "9.3.6",
+    "otpauth": "^9.5.0",
     "path": "^0.12.7",
     "popper.js": "^1.16.1",
     "process": "^0.11.10",
-    "protobufjs": "^7.5.5",
+    "protobufjs": "^8.6.2",
+    "punycode.js": "^2.3.1",
     "qr-image": "^3.2.0",
     "reflect-metadata": "^0.2.2",
     "rison": "^0.1.1",
@@ -176,15 +178,15 @@
     "snackbarjs": "^1.1.0",
     "sortablejs": "^1.15.7",
     "split.js": "^1.6.5",
-    "sql-formatter": "^15.7.3",
+    "sql-formatter": "^15.8.1",
     "ssdeep.js": "0.0.3",
     "stream-browserify": "^3.0.0",
-    "tesseract.js": "^6.0.1",
-    "ua-parser-js": "^1.0.41",
+    "tesseract.js": "^7.0.0",
+    "ua-parser-js": "^2.0.10",
     "unorm": "^1.6.0",
     "url": "^0.11.4",
     "utf8": "^3.0.0",
-    "uuid": "^13.0.0",
+    "uuid": "^14.0.0",
     "vkbeautify": "^0.99.3",
     "xpath": "0.0.34",
     "xregexp": "^5.1.2",
@@ -194,18 +196,21 @@
     "start": "npx grunt dev",
     "build": "npx grunt prod",
     "node": "npx grunt node",
-    "repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-experimental-fetch --no-warnings src/node/repl.mjs",
-    "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch --trace-uncaught tests/operations/index.mjs",
+    "repl": "node --no-warnings src/node/repl.mjs",
+    "test": "npx grunt configTests && node --no-warnings --no-deprecation --openssl-legacy-provider tests/node/index.mjs && node --no-warnings --no-deprecation --openssl-legacy-provider --trace-uncaught tests/operations/index.mjs",
     "testnodeconsumer": "npx grunt testnodeconsumer",
     "testui": "npx grunt testui",
     "testuidev": "npx nightwatch --env=dev",
     "lint": "npx grunt lint",
     "lint:grammar": "cspell ./src",
     "postinstall": "npx grunt exec:fixCryptoApiImports && npx grunt exec:fixSnackbarMarkup",
-    "newop": "node --experimental-modules --experimental-json-modules src/core/config/scripts/newOperation.mjs",
-    "minor": "node --experimental-modules --experimental-json-modules src/core/config/scripts/newMinorVersion.mjs && npm version minor --git-tag-version=false && echo \"Updated to version v$(npm pkg get version | xargs), please create a pull request and once merged use 'npm run tag'\"",
+    "newop": "node src/core/config/scripts/newOperation.mjs",
+    "minor": "node src/core/config/scripts/newMinorVersion.mjs && npm version minor --git-tag-version=false && echo \"Updated to version v$(npm pkg get version | xargs), please create a pull request and once merged use 'npm run tag'\"",
     "tag": "git tag -s \"v$(npm pkg get version | xargs)\" -m \"$(npm pkg get version | xargs)\" && echo \"Created v$(npm pkg get version | xargs), now check and push the tag\"",
     "getheapsize": "node -e 'console.log(`node heap limit = ${require(\"v8\").getHeapStatistics().heap_size_limit / (1024 * 1024)} Mb`)'",
     "setheapsize": "export NODE_OPTIONS=--max_old_space_size=2048"
+  },
+  "engines": {
+    "node": ">=24 <25"
   }
 }

package/src/core/ChefWorker.js

@@ -7,7 +7,7 @@
  */
 
 import Chef from "./Chef.mjs";
-import OperationConfig from "./config/OperationConfig.json" assert {type: "json"};
+import OperationConfig from "./config/OperationConfig.json" with { type: "json" };
 import OpModules from "./config/modules/OpModules.mjs";
 import loglevelMessagePrefix from "loglevel-message-prefix";
 

package/src/core/Recipe.mjs

@@ -4,7 +4,7 @@
  * @license Apache-2.0
  */
 
-import OperationConfig from "./config/OperationConfig.json" assert {type: "json"};
+import OperationConfig from "./config/OperationConfig.json" with { type: "json" };
 import OperationError from "./errors/OperationError.mjs";
 import Operation from "./Operation.mjs";
 import DishError from "./errors/DishError.mjs";