cyberchef 11.0.0 → 11.1.0

package/CHANGELOG.md

@@ -13,6 +13,75 @@ All major and minor version changes will be documented in this file. Details of
 
 ## Details
 
+### [11.1.0] - 2026-06-13
+This release includes a security fix ([#2557])
+- Security: Add fix, and tests, for Lorem Ipsum DoS issue [@GCHQDeveloper581] | [#2557]
+- chore (deps): bump the patch-updates group with 4 updates  | [#2552]
+- chore (deps): bump the actions-dependencies group with 2 updates  | [#2551]
+- chore (deps): bump the docker-dependencies group with 2 updates  | [#2550]
+- chore (deps): bump protobufjs from 8.5.0 to 8.6.2 in the minor-updates group  | [#2553]
+- Security Policy Update [@C85297] | [#2547]
+- Fix spurious error messages generated during webpack build [@GCHQDeveloper581] | [#2545]
+- chore (deps): bump shell-quote from 1.8.3 to 1.8.4  | [#2543]
+- Implementing ROR13 feature [@Fufu-btw] | [#2539]
+- New operation improvements [@jl5193] [@GCHQDeveloper581] | [#1431]
+- Npm and yarn/major version updates [@GCHQDeveloper581] | [#2527]
+- Update README to reflect AES Decrypt changes [@andreasrtv] | [#2502]
+- feat: add Escape Smart Characters operation [@HarelKatz] | [#2391]
+- feat: Get AES IV from input (QoL) [@andreasrtv] | [#2471]
+- fix: validate text encoding options [@SyedIshmumAhnaf] | [#2497]
+- chore (deps): bump the minor-updates group with 5 updates [@GCHQDeveloper581] | [#2500]
+- chore (deps): bump the patch-updates group with 2 updates  | [#2499]
+- chore (deps): bump nginxinc/nginx-unprivileged from `df0e9ed` to `0a1e718` in the docker-dependencies group  | [#2498]
+- Add remove ANSI escape codes operation [@Louis-Ladd] [@GCHQDeveloper581] | [#2143]
+- Fix option ingredients being overwriten [@C85297] | [#2341]
+- chore (deps): bump qs and express  | [#2478]
+- chore (deps): bump tmp from 0.2.5 to 0.2.7  | [#2479]
+- chore (deps): bump the patch-updates group across 1 directory with 6 updates  | [#2463]
+- chore (deps): bump the docker-dependencies group across 1 directory with 2 updates  | [#2468]
+- chore (deps): bump terser from 5.46.2 to 5.48.0  | [#2385]
+- Make dependabot quieter [@GCHQDeveloper581] | [#2467]
+- update sitemap [@Blank0120] | [#2443]
+- Bump webpack-dev-server to 5.2.4 [@GCHQDeveloper581] | [#2417]
+- Fix pgp tests [@GCHQDeveloper581] [@C85297] | [#2461]
+- chore (deps): bump the patch-updates group across 1 directory with 4 updates  | [#2438]
+- chore (deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0  | [#2439]
+- chore (deps): bump docker/login-action from 4.1.0 to 4.2.0  | [#2441]
+- chore (deps): bump docker/metadata-action from 6.0.0 to 6.1.0  | [#2442]
+- update bson [@Blank0120] [@GCHQDeveloper581] | [#2425]
+- chore (deps): bump webpack from 5.106.2 to 5.107.1  | [#2428]
+- chore (deps): bump protobufjs from 7.5.8 to 7.6.0  | [#2429]
+- chore (deps): bump sql-formatter from 15.7.4 to 15.8.0  | [#2430]
+- chore (deps): bump docker/build-push-action from 7.1.0 to 7.2.0  | [#2431]
+- Fix flaky `npm run testui` [@lzandman] | [#2412]
+- Include git ref in website download zip name [@C85297] | [#2339]
+- Bump nginxinc/nginx-unprivileged from `808f784` to `b9f7ba1`  | [#2389]
+- Series Chart HTML Formatting fix [@C85297] | [#2403]
+- Parse Ethernet Frame HTML formatting fix [@C85297] | [#2402]
+- Parse IPv4 Header HTML formatting fix [@C85297] | [#2401]
+- Update chromedriver, and install corresponding chrome in workflows (fixes build) [@GCHQDeveloper581] | [#2387]
+- chore (deps): bump @codemirror/view from 6.41.1 to 6.43.0  | [#2384]
+- chore (deps): bump globals from 17.5.0 to 17.6.0  | [#2386]
+- chore (deps): bump the patch-updates group across 1 directory with 3 updates  | [#2388]
+- [StepSecurity] Apply security best practices [@GCHQDeveloper581] StepSecurity Bot <bot@stepsecurity.io> | [#2378]
+- Build docker container for arm v7 as well [@GCHQDeveloper581] | [#2379]
+- chore (deps): bump fast-uri from 3.1.0 to 3.1.2  | [#2372]
+- update bcryptjs [@C85297] [@GCHQDeveloper581] | [#2368]
+- chore (deps): bump picomatch from 2.3.1 to 2.3.2  | [#2370]
+- chore (deps): bump ip-address from 10.1.0 to 10.2.0  | [#2371]
+- chore (deps): bump axios from 1.15.0 to 1.16.0  | [#2369]
+- feat(operation-wrap): add new Wrap operation to format text at specified line width [@0xff1ce] | [#1882]
+- chore (deps): bump the patch-updates group across 1 directory with 5 updates  | [#2354]
+- chore (deps): bump docker/login-action from 3 to 4  | [#2363]
+- chore (deps): bump docker/setup-buildx-action from 3 to 4  | [#2364]
+- chore (deps): bump crazy-max/ghaction-github-pages from 3 to 5  | [#2365]
+- chore (deps): bump docker/metadata-action from 4 to 6  | [#2366]
+- chore (deps): bump docker/setup-qemu-action from 3 to 4  | [#2367]
+- Update dependabot for Node 24. [@GCHQDeveloper581] | [#2361]
+- chore (deps): bump uuid from 13.0.0 to 14.0.0  | [#2332]
+- chore (deps): bump webpack-bundle-analyzer from 5.2.0 to 5.3.0  | [#2353]
+- Fix all zeros after 16384 bytes with Blake3 [@zachbowden] [@GCHQDeveloper581] | [#2351]
+
 ## [11.0.0] - 2026-04-28
 - Revert sitemap to v8.0.X to fix build/deploy on master [@GCHQDeveloper581] | [#2348]
 - Node version update from 22 to 24 [@lzandman] [@GCHQDeveloper581] | [#2347]
@@ -638,6 +707,7 @@ Breaking changes:
 ## [4.0.0] - 2016-11-28
 -  Initial open source commit [@n1474335] | [b1d73a72](https://github.com/gchq/CyberChef/commit/b1d73a725dc7ab9fb7eb789296efd2b7e4b08306)
 
+[11.1.0]: https://github.com/gchq/CyberChef/releases/tag/v11.1.0
 [11.0.0]: https://github.com/gchq/CyberChef/releases/tag/v11.0.0
 [10.24.0]: https://github.com/gchq/CyberChef/releases/tag/v10.24.0
 [10.23.0]: https://github.com/gchq/CyberChef/releases/tag/v10.23.0
@@ -923,6 +993,14 @@ Breaking changes:
 [@hsolberg]: https://github.com/hsolberg
 [@lzandman]: https://github.com/lzandman
 [@engin0223]: https://github.com/engin0223
+[@Fufu-btw]: https://github.com/Fufu-btw
+[@jl5193]: https://github.com/jl5193
+[@andreasrtv]: https://github.com/andreasrtv
+[@HarelKatz]: https://github.com/HarelKatz
+[@SyedIshmumAhnaf]: https://github.com/SyedIshmumAhnaf
+[@Louis-Ladd]: https://github.com/Louis-Ladd
+[@Blank0120]: https://github.com/Blank0120
+[@zachbowden]: https://github.com/zachbowden
 
 
 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
@@ -1220,4 +1298,70 @@ Breaking changes:
 [#2273]: https://github.com/gchq/CyberChef/pull/2273
 [#2342]: https://github.com/gchq/CyberChef/pull/2342
 [#1922]: https://github.com/gchq/CyberChef/pull/1922
+[#2557]: https://github.com/gchq/CyberChef/pull/2557
+[#2552]: https://github.com/gchq/CyberChef/pull/2552
+[#2551]: https://github.com/gchq/CyberChef/pull/2551
+[#2550]: https://github.com/gchq/CyberChef/pull/2550
+[#2553]: https://github.com/gchq/CyberChef/pull/2553
+[#2547]: https://github.com/gchq/CyberChef/pull/2547
+[#2545]: https://github.com/gchq/CyberChef/pull/2545
+[#2543]: https://github.com/gchq/CyberChef/pull/2543
+[#2539]: https://github.com/gchq/CyberChef/pull/2539
+[#1431]: https://github.com/gchq/CyberChef/pull/1431
+[#2527]: https://github.com/gchq/CyberChef/pull/2527
+[#2502]: https://github.com/gchq/CyberChef/pull/2502
+[#2391]: https://github.com/gchq/CyberChef/pull/2391
+[#2471]: https://github.com/gchq/CyberChef/pull/2471
+[#2497]: https://github.com/gchq/CyberChef/pull/2497
+[#2500]: https://github.com/gchq/CyberChef/pull/2500
+[#2499]: https://github.com/gchq/CyberChef/pull/2499
+[#2498]: https://github.com/gchq/CyberChef/pull/2498
+[#2143]: https://github.com/gchq/CyberChef/pull/2143
+[#2341]: https://github.com/gchq/CyberChef/pull/2341
+[#2478]: https://github.com/gchq/CyberChef/pull/2478
+[#2479]: https://github.com/gchq/CyberChef/pull/2479
+[#2463]: https://github.com/gchq/CyberChef/pull/2463
+[#2468]: https://github.com/gchq/CyberChef/pull/2468
+[#2385]: https://github.com/gchq/CyberChef/pull/2385
+[#2467]: https://github.com/gchq/CyberChef/pull/2467
+[#2443]: https://github.com/gchq/CyberChef/pull/2443
+[#2417]: https://github.com/gchq/CyberChef/pull/2417
+[#2461]: https://github.com/gchq/CyberChef/pull/2461
+[#2438]: https://github.com/gchq/CyberChef/pull/2438
+[#2439]: https://github.com/gchq/CyberChef/pull/2439
+[#2441]: https://github.com/gchq/CyberChef/pull/2441
+[#2442]: https://github.com/gchq/CyberChef/pull/2442
+[#2425]: https://github.com/gchq/CyberChef/pull/2425
+[#2428]: https://github.com/gchq/CyberChef/pull/2428
+[#2429]: https://github.com/gchq/CyberChef/pull/2429
+[#2430]: https://github.com/gchq/CyberChef/pull/2430
+[#2431]: https://github.com/gchq/CyberChef/pull/2431
+[#2412]: https://github.com/gchq/CyberChef/pull/2412
+[#2339]: https://github.com/gchq/CyberChef/pull/2339
+[#2389]: https://github.com/gchq/CyberChef/pull/2389
+[#2403]: https://github.com/gchq/CyberChef/pull/2403
+[#2402]: https://github.com/gchq/CyberChef/pull/2402
+[#2401]: https://github.com/gchq/CyberChef/pull/2401
+[#2387]: https://github.com/gchq/CyberChef/pull/2387
+[#2384]: https://github.com/gchq/CyberChef/pull/2384
+[#2386]: https://github.com/gchq/CyberChef/pull/2386
+[#2388]: https://github.com/gchq/CyberChef/pull/2388
+[#2378]: https://github.com/gchq/CyberChef/pull/2378
+[#2379]: https://github.com/gchq/CyberChef/pull/2379
+[#2372]: https://github.com/gchq/CyberChef/pull/2372
+[#2368]: https://github.com/gchq/CyberChef/pull/2368
+[#2370]: https://github.com/gchq/CyberChef/pull/2370
+[#2371]: https://github.com/gchq/CyberChef/pull/2371
+[#2369]: https://github.com/gchq/CyberChef/pull/2369
+[#1882]: https://github.com/gchq/CyberChef/pull/1882
+[#2354]: https://github.com/gchq/CyberChef/pull/2354
+[#2363]: https://github.com/gchq/CyberChef/pull/2363
+[#2364]: https://github.com/gchq/CyberChef/pull/2364
+[#2365]: https://github.com/gchq/CyberChef/pull/2365
+[#2366]: https://github.com/gchq/CyberChef/pull/2366
+[#2367]: https://github.com/gchq/CyberChef/pull/2367
+[#2361]: https://github.com/gchq/CyberChef/pull/2361
+[#2332]: https://github.com/gchq/CyberChef/pull/2332
+[#2353]: https://github.com/gchq/CyberChef/pull/2353
+[#2351]: https://github.com/gchq/CyberChef/pull/2351
 

package/Dockerfile

@@ -4,7 +4,7 @@
 # Modifier --platform=$BUILDPLATFORM limits the platform to "BUILDPLATFORM" during buildx multi-platform builds
 # This is because npm "chromedriver" package is not compatiable with all platforms
 # For more info see: https://docs.docker.com/build/building/multi-platform/#cross-compilation
-FROM --platform=$BUILDPLATFORM node:24-alpine AS builder
+FROM --platform=$BUILDPLATFORM node:24-alpine@sha256:fb71d01345f11b708a3553c66e7c74074f2d506400ea81973343d915cb64eef0 AS builder
 
 WORKDIR /app
 
@@ -27,7 +27,7 @@ RUN npm run build
 #########################################
 # Package static build files into nginx #
 #########################################
-FROM nginxinc/nginx-unprivileged:stable-alpine AS cyberchef
+FROM nginxinc/nginx-unprivileged:stable-alpine@sha256:37f356a5eba5d187365b4f59cd6cc29f1f922ad18146d554b576a80983377e6a AS cyberchef
 
 LABEL maintainer="GCHQ <oss@gchq.gov.uk>"
 

package/Gruntfile.js

@@ -89,6 +89,8 @@ module.exports = function (grunt) {
     const compileYear = grunt.template.today("UTC:yyyy"),
         compileTime = grunt.template.today("UTC:dd/mm/yyyy HH:MM:ss") + " UTC",
         pkg = grunt.file.readJSON("package.json"),
+        version = process.env.GITHUB_SHA || `v${pkg.version}`,
+        downloadZipFilename = `CyberChef_${version}.zip`,
         webpackConfig = require("./webpack.config.js"),
         BUILD_CONSTANTS = {
             COMPILE_YEAR: JSON.stringify(compileYear),
@@ -129,7 +131,9 @@ module.exports = function (grunt) {
                         chunks: ["main"],
                         compileYear: compileYear,
                         compileTime: compileTime,
-                        version: pkg.version,
+                        version: version,
+                        latestReleaseVersion: pkg.version,
+                        downloadZipFilename: downloadZipFilename,
                         minify: {
                             removeComments: true,
                             collapseWhitespace: true,
@@ -140,7 +144,8 @@ module.exports = function (grunt) {
                     new BundleAnalyzerPlugin({
                         analyzerMode: "static",
                         reportFilename: "BundleAnalyzerReport.html",
-                        openAnalyzer: false
+                        openAnalyzer: false,
+                        excludeAssets: /.*Worker.js/
                     }),
                 ]
             };
@@ -245,7 +250,7 @@ module.exports = function (grunt) {
                     "!build/prod/index.html",
                     "!build/prod/BundleAnalyzerReport.html",
                 ],
-                dest: `build/prod/CyberChef_v${pkg.version}.zip`
+                dest: `build/prod/${downloadZipFilename}`
             }
         },
         connect: {
@@ -333,12 +338,12 @@ module.exports = function (grunt) {
                     switch (process.platform) {
                         case "darwin":
                             return chainCommands([
-                                `shasum -a 256 build/prod/CyberChef_v${pkg.version}.zip | awk '{print $1;}' > build/prod/sha256digest.txt`,
+                                `shasum -a 256 build/prod/${downloadZipFilename} | awk '{print $1;}' > build/prod/sha256digest.txt`,
                                 `sed -i '' -e "s/DOWNLOAD_HASH_PLACEHOLDER/$(cat build/prod/sha256digest.txt)/" build/prod/index.html`
                             ]);
                         default:
                             return chainCommands([
-                                `sha256sum build/prod/CyberChef_v${pkg.version}.zip | awk '{print $1;}' > build/prod/sha256digest.txt`,
+                                `sha256sum build/prod/${downloadZipFilename} | awk '{print $1;}' > build/prod/sha256digest.txt`,
                                 `sed -i -e "s/DOWNLOAD_HASH_PLACEHOLDER/$(cat build/prod/sha256digest.txt)/" build/prod/index.html`
                             ]);
                     }

package/README.md

@@ -72,6 +72,7 @@ You can use as many operations as you like in simple or complex ways. Some examp
  - [Carry out different operations on data of different types][8]
  - [Use parts of the input as arguments to operations][9]
  - [Perform AES decryption, extracting the IV from the beginning of the cipher stream][10]
+ - [A simpler way to perform the same AES Decryption][13]
  - [Automagically detect several layers of nested encoding][12]
 
 
@@ -147,6 +148,7 @@ CyberChef is released under the [Apache 2.0 Licence](https://www.apache.org/lice
   [7]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)From_UNIX_Timestamp('Seconds%20(s)')&input=OTc4MzQ2ODAwCjEwMTI2NTEyMDAKMTA0NjY5NjQwMAoxMDgxMDg3MjAwCjExMTUzMDUyMDAKMTE0OTYwOTYwMA
   [8]: https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Conditional_Jump('1',false,'base64',10)To_Hex('Space')Return()Label('base64')To_Base64('A-Za-z0-9%2B/%3D')&input=U29tZSBkYXRhIHdpdGggYSAxIGluIGl0ClNvbWUgZGF0YSB3aXRoIGEgMiBpbiBpdA
   [9]: https://gchq.github.io/CyberChef/#recipe=Register('key%3D(%5B%5C%5Cda-f%5D*)',true,false)Find_/_Replace(%7B'option':'Regex','string':'.*data%3D(.*)'%7D,'$1',true,false,true)RC4(%7B'option':'Hex','string':'$R0'%7D,'Hex','Latin1')&input=aHR0cDovL21hbHdhcmV6LmJpei9iZWFjb24ucGhwP2tleT0wZTkzMmE1YyZkYXRhPThkYjdkNWViZTM4NjYzYTU0ZWNiYjMzNGUzZGIxMQ
-  [10]: https://gchq.github.io/CyberChef/#recipe=Register('(.%7B32%7D)',true,false)Drop_bytes(0,32,false)AES_Decrypt(%7B'option':'Hex','string':'1748e7179bd56570d51fa4ba287cc3e5'%7D,%7B'option':'Hex','string':'$R0'%7D,'CTR','Hex','Raw',%7B'option':'Hex','string':''%7D)&input=NTFlMjAxZDQ2MzY5OGVmNWY3MTdmNzFmNWI0NzEyYWYyMGJlNjc0YjNiZmY1M2QzODU0NjM5NmVlNjFkYWFjNDkwOGUzMTljYTNmY2Y3MDg5YmZiNmIzOGVhOTllNzgxZDI2ZTU3N2JhOWRkNmYzMTFhMzk0MjBiODk3OGU5MzAxNGIwNDJkNDQ3MjZjYWVkZjU0MzZlYWY2NTI0MjljMGRmOTRiNTIxNjc2YzdjMmNlODEyMDk3YzI3NzI3M2M3YzcyY2Q4OWFlYzhkOWZiNGEyNzU4NmNjZjZhYTBhZWUyMjRjMzRiYTNiZmRmN2FlYjFkZGQ0Nzc2MjJiOTFlNzJjOWU3MDlhYjYwZjhkYWY3MzFlYzBjYzg1Y2UwZjc0NmZmMTU1NGE1YTNlYzI5MWNhNDBmOWU2MjlhODcyNTkyZDk4OGZkZDgzNDUzNGFiYTc5YzFhZDE2NzY3NjlhN2MwMTBiZjA0NzM5ZWNkYjY1ZDk1MzAyMzcxZDYyOWQ5ZTM3ZTdiNGEzNjFkYTQ2OGYxZWQ1MzU4OTIyZDJlYTc1MmRkMTFjMzY2ZjMwMTdiMTRhYTAxMWQyYWYwM2M0NGY5NTU3OTA5OGExNWUzY2Y5YjQ0ODZmOGZmZTljMjM5ZjM0ZGU3MTUxZjZjYTY1MDBmZTRiODUwYzNmMWMwMmU4MDFjYWYzYTI0NDY0NjE0ZTQyODAxNjE1YjhmZmFhMDdhYzgyNTE0OTNmZmRhN2RlNWRkZjMzNjg4ODBjMmI5NWIwMzBmNDFmOGYxNTA2NmFkZDA3MWE2NmNmNjBlNWY0NmYzYTIzMGQzOTdiNjUyOTYzYTIxYTUzZg
+  [10]: https://gchq.github.io/CyberChef/#recipe=Register('(.%7B32%7D)',true,false,false)Drop_bytes(0,32,false)AES_Decrypt(%7B'option':'Hex','string':'1748e7179bd56570d51fa4ba287cc3e5'%7D,%7B'option':'Hex','string':'$R0'%7D,16,'CTR','Hex','Raw',%7B'option':'Hex','string':''%7D,%7B'option':'Hex','string':''%7D,'Off')&input=NTFlMjAxZDQ2MzY5OGVmNWY3MTdmNzFmNWI0NzEyYWYyMGJlNjc0YjNiZmY1M2QzODU0NjM5NmVlNjFkYWFjNDkwOGUzMTljYTNmY2Y3MDg5YmZiNmIzOGVhOTllNzgxZDI2ZTU3N2JhOWRkNmYzMTFhMzk0MjBiODk3OGU5MzAxNGIwNDJkNDQ3MjZjYWVkZjU0MzZlYWY2NTI0MjljMGRmOTRiNTIxNjc2YzdjMmNlODEyMDk3YzI3NzI3M2M3YzcyY2Q4OWFlYzhkOWZiNGEyNzU4NmNjZjZhYTBhZWUyMjRjMzRiYTNiZmRmN2FlYjFkZGQ0Nzc2MjJiOTFlNzJjOWU3MDlhYjYwZjhkYWY3MzFlYzBjYzg1Y2UwZjc0NmZmMTU1NGE1YTNlYzI5MWNhNDBmOWU2MjlhODcyNTkyZDk4OGZkZDgzNDUzNGFiYTc5YzFhZDE2NzY3NjlhN2MwMTBiZjA0NzM5ZWNkYjY1ZDk1MzAyMzcxZDYyOWQ5ZTM3ZTdiNGEzNjFkYTQ2OGYxZWQ1MzU4OTIyZDJlYTc1MmRkMTFjMzY2ZjMwMTdiMTRhYTAxMWQyYWYwM2M0NGY5NTU3OTA5OGExNWUzY2Y5YjQ0ODZmOGZmZTljMjM5ZjM0ZGU3MTUxZjZjYTY1MDBmZTRiODUwYzNmMWMwMmU4MDFjYWYzYTI0NDY0NjE0ZTQyODAxNjE1YjhmZmFhMDdhYzgyNTE0OTNmZmRhN2RlNWRkZjMzNjg4ODBjMmI5NWIwMzBmNDFmOGYxNTA2NmFkZDA3MWE2NmNmNjBlNWY0NmYzYTIzMGQzOTdiNjUyOTYzYTIxYTUzZg
   [11]: https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':'3a'%7D,'Standard',false)To_Hexdump(16,false,false)&input=VGhlIGFuc3dlciB0byB0aGUgdWx0aW1hdGUgcXVlc3Rpb24gb2YgbGlmZSwgdGhlIFVuaXZlcnNlLCBhbmQgZXZlcnl0aGluZyBpcyA0Mi4
   [12]: https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false)&input=V1VhZ3dzaWFlNm1QOGdOdENDTFVGcENwQ0IyNlJtQkRvREQ4UGFjZEFtekF6QlZqa0syUXN0RlhhS2hwQzZpVVM3UkhxWHJKdEZpc29SU2dvSjR3aGptMWFybTg2NHFhTnE0UmNmVW1MSHJjc0FhWmM1VFhDWWlmTmRnUzgzZ0RlZWpHWDQ2Z2FpTXl1QlY2RXNrSHQxc2NnSjg4eDJ0TlNvdFFEd2JHWTFtbUNvYjJBUkdGdkNLWU5xaU45aXBNcTFaVTFtZ2tkYk51R2NiNzZhUnRZV2hDR1VjOGc5M1VKdWRoYjhodHNoZVpud1RwZ3FoeDgzU1ZKU1pYTVhVakpUMnptcEM3dVhXdHVtcW9rYmRTaTg4WXRrV0RBYzFUb291aDJvSDRENGRkbU5LSldVRHBNd21uZ1VtSzE0eHdtb21jY1BRRTloTTE3MkFQblNxd3hkS1ExNzJSa2NBc3lzbm1qNWdHdFJtVk5OaDJzMzU5d3I2bVMyUVJQ
+  [13]: https://gchq.github.io/CyberChef/#recipe=AES_Decrypt(%7B'option':'Hex','string':'1748e7179bd56570d51fa4ba287cc3e5'%7D,%7B'option':'Hex','string':'$R0'%7D,16,'CTR','Hex','Raw',%7B'option':'Hex','string':''%7D,%7B'option':'Hex','string':''%7D,'From%20start')&input=NTFlMjAxZDQ2MzY5OGVmNWY3MTdmNzFmNWI0NzEyYWYyMGJlNjc0YjNiZmY1M2QzODU0NjM5NmVlNjFkYWFjNDkwOGUzMTljYTNmY2Y3MDg5YmZiNmIzOGVhOTllNzgxZDI2ZTU3N2JhOWRkNmYzMTFhMzk0MjBiODk3OGU5MzAxNGIwNDJkNDQ3MjZjYWVkZjU0MzZlYWY2NTI0MjljMGRmOTRiNTIxNjc2YzdjMmNlODEyMDk3YzI3NzI3M2M3YzcyY2Q4OWFlYzhkOWZiNGEyNzU4NmNjZjZhYTBhZWUyMjRjMzRiYTNiZmRmN2FlYjFkZGQ0Nzc2MjJiOTFlNzJjOWU3MDlhYjYwZjhkYWY3MzFlYzBjYzg1Y2UwZjc0NmZmMTU1NGE1YTNlYzI5MWNhNDBmOWU2MjlhODcyNTkyZDk4OGZkZDgzNDUzNGFiYTc5YzFhZDE2NzY3NjlhN2MwMTBiZjA0NzM5ZWNkYjY1ZDk1MzAyMzcxZDYyOWQ5ZTM3ZTdiNGEzNjFkYTQ2OGYxZWQ1MzU4OTIyZDJlYTc1MmRkMTFjMzY2ZjMwMTdiMTRhYTAxMWQyYWYwM2M0NGY5NTU3OTA5OGExNWUzY2Y5YjQ0ODZmOGZmZTljMjM5ZjM0ZGU3MTUxZjZjYTY1MDBmZTRiODUwYzNmMWMwMmU4MDFjYWYzYTI0NDY0NjE0ZTQyODAxNjE1YjhmZmFhMDdhYzgyNTE0OTNmZmRhN2RlNWRkZjMzNjg4ODBjMmI5NWIwMzBmNDFmOGYxNTA2NmFkZDA3MWE2NmNmNjBlNWY0NmYzYTIzMGQzOTdiNjUyOTYzYTIxYTUzZg

package/SECURITY.md

@@ -2,25 +2,15 @@
 
 ## Supported Versions
 
-CyberChef is supported on a best endeavours basis. Patches will be applied to
-the latest version rather than retroactively to older versions. To ensure you
-are using the most secure version of CyberChef, please make sure you have the
-[latest release](https://github.com/gchq/CyberChef/releases/latest). The
-official [live demo](https://gchq.github.io/CyberChef/) is always up to date.
+CyberChef is supported on a best endeavours basis.
+Patches will be applied to the latest version rather than retroactively to older versions.
+To ensure you are using the most secure version of CyberChef, please make sure you have the [latest release](https://github.com/gchq/CyberChef/releases/latest). [The official website](https://gchq.github.io/CyberChef/) is always up to date.
 
 ## Reporting a Vulnerability
 
-In most scenarios, the most appropriate way to report a vulnerability is to
-[raise a new issue](https://github.com/gchq/CyberChef/issues/new/choose)
-describing the problem in as much detail as possible, ideally with examples.
-This will obviously be public. If you feel that the vulnerability is
-significant enough to warrant a private disclosure, please email
-[oss@gchq.gov.uk](mailto:oss@gchq.gov.uk) and
-[n1474335@gmail.com](mailto:n1474335@gmail.com).
+If you discover a vulnerability in CyberChef, please do not publicly disclose it, and do not create a GitHub issue.
 
-Disclosures of vulnerabilities in CyberChef are always welcomed. Whilst we aim
-to write clean and secure code free from bugs, we recognise that this is an open
-source project written by analysts in their spare time, relying on dozens of
-open source libraries that are modified and updated on a regular basis. We hope
-that the community will continue to support us as we endeavour to maintain and
-develop this tool together.
+Instead, send an email as soon as possible to [CyberChefSecurity@gchq.gov.uk](mailto:CyberChefSecurity@gchq.gov.uk).
+The report will be acknowledged and actioned urgently by the CyberChef maintainers.
+
+If you do not receive a timely acknowledgement, please notify [oss@gchq.gov.uk](mailto:oss@gchq.gov.uk) and [CyberChef@gchq.gov.uk](mailto:CyberChef@gchq.gov.uk) of your vulnerability report.

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "cyberchef",
-  "version": "11.0.0",
+  "version": "11.1.0",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
-  "author": "n1474335 <n1474335@gmail.com>",
+  "author": "GCHQ <CyberChef@gchq.gov.uk>",
   "homepage": "https://gchq.github.io/CyberChef",
   "copyright": "Crown copyright 2016",
   "license": "Apache-2.0",
@@ -39,30 +39,31 @@
     "node >= 24"
   ],
   "devDependencies": {
-    "@babel/eslint-parser": "^7.28.6",
+    "@babel/eslint-parser": "^7.29.7",
     "@babel/plugin-syntax-import-assertions": "^7.28.6",
-    "@babel/plugin-transform-runtime": "^7.29.0",
-    "@babel/preset-env": "^7.29.2",
-    "@babel/runtime": "^7.29.2",
+    "@babel/plugin-transform-runtime": "^7.29.7",
+    "@babel/preset-env": "^7.29.7",
+    "@babel/runtime": "^7.29.7",
     "@codemirror/commands": "^6.10.3",
     "@codemirror/language": "^6.12.3",
     "@codemirror/search": "^6.7.0",
     "@codemirror/state": "^6.5.4",
-    "@codemirror/view": "^6.41.1",
+    "@codemirror/view": "^6.43.1",
+    "@puppeteer/browsers": "3.0.4",
     "autoprefixer": "^10.5.0",
     "babel-loader": "^10.1.1",
     "base64-loader": "^1.0.0",
-    "chromedriver": "^146.0.6",
+    "chromedriver": "^148.0.4",
     "cli-progress": "^3.12.0",
     "colors": "^1.4.0",
     "compression-webpack-plugin": "^12.0.0",
     "copy-webpack-plugin": "^14.0.0",
     "core-js": "^3.49.0",
-    "cspell": "^9.7.0",
+    "cspell": "^10.0.1",
     "css-loader": "^7.1.4",
     "eslint": "^9.39.4",
     "eslint-plugin-jsdoc": "^50.8.0",
-    "globals": "^17.4.0",
+    "globals": "^17.6.0",
     "grunt": "^1.6.2",
     "grunt-chmod": "~1.1.1",
     "grunt-concurrent": "^3.0.0",
@@ -70,25 +71,25 @@
     "grunt-contrib-connect": "^5.0.1",
     "grunt-contrib-copy": "~1.0.0",
     "grunt-contrib-watch": "^1.1.0",
-    "grunt-eslint": "^25.0.0",
+    "grunt-eslint": "^26.0.0",
     "grunt-exec": "~3.0.0",
-    "grunt-webpack": "^6.0.0",
+    "grunt-webpack": "^8.0.0",
     "grunt-zip": "^1.0.0",
     "html-webpack-plugin": "^5.6.7",
     "imports-loader": "^5.0.0",
     "mini-css-extract-plugin": "2.10.2",
     "modify-source-webpack-plugin": "^4.1.0",
-    "nightwatch": "^3.15.0",
-    "postcss": "^8.5.10",
+    "nightwatch": "^3.16.0",
+    "postcss": "^8.5.15",
     "postcss-css-variables": "^0.19.0",
     "postcss-import": "^16.1.1",
     "postcss-loader": "^8.2.1",
     "prompt": "^1.3.0",
-    "sitemap": "^8.0.3",
-    "terser": "^5.46.2",
-    "webpack": "^5.106.2",
-    "webpack-bundle-analyzer": "^5.0.0",
-    "webpack-dev-server": "^5.0.4",
+    "sitemap": "^9.0.1",
+    "terser": "^5.48.0",
+    "webpack": "^5.107.2",
+    "webpack-bundle-analyzer": "^5.3.0",
+    "webpack-dev-server": "^5.2.4",
     "webpack-node-externals": "^3.0.0",
     "worker-loader": "^3.0.8"
   },
@@ -96,22 +97,23 @@
     "@alexaltea/capstone-js": "^3.0.5",
     "@astronautlabs/amf": "^0.0.6",
     "@blu3r4y/lzma": "^2.3.3",
+    "@noble/hashes": "2.2.0",
     "@wavesenterprise/crypto-gost-js": "^2.1.0-RC1",
     "@xmldom/xmldom": "^0.8.13",
     "argon2-browser": "^1.18.0",
     "arrive": "^2.5.3",
     "assert": "^2.1.0",
     "avsc": "^5.7.9",
-    "bcryptjs": "^2.4.3",
-    "bignumber.js": "^9.3.1",
+    "bcryptjs": "^3.0.3",
+    "bignumber.js": "^11.1.3",
     "blakejs": "^1.2.1",
     "bootstrap": "4.6.2",
     "bootstrap-colorpicker": "^3.4.0",
     "bootstrap-material-design": "^4.1.3",
     "browserify-zlib": "^0.2.0",
-    "bson": "^4.7.2",
+    "bson": "^7.2.0",
     "buffer": "^6.0.3",
-    "cbor": "9.0.2",
+    "cbor": "10.0.12",
     "chi-squared": "^1.1.0",
     "codepage": "^1.15.0",
     "crypto-api": "^0.8.5",
@@ -120,8 +122,8 @@
     "ctph.js": "0.0.5",
     "d3": "7.9.0",
     "d3-hexbin": "^0.2.2",
-    "diff": "^5.2.2",
-    "dompurify": "^3.4.1",
+    "diff": "^9.0.0",
+    "dompurify": "^3.4.8",
     "es6-promisify": "^7.0.0",
     "escodegen": "^2.1.0",
     "esprima": "^4.0.1",
@@ -132,7 +134,6 @@
     "flat": "^6.0.1",
     "geodesy": "1.1.3",
     "handlebars": "^4.7.9",
-    "hash-wasm": "^4.12.0",
     "highlight.js": "^11.11.1",
     "ieee754": "^1.2.1",
     "jimp": "1.6.0",
@@ -141,7 +142,7 @@
     "js-sha3": "^0.9.3",
     "jsesc": "^3.1.0",
     "json5": "^2.2.3",
-    "jsonata": "^2.1.0",
+    "jsonata": "^2.2.1",
     "jsonpath-plus": "^10.4.0",
     "jsonwebtoken": "9.0.3",
     "jsqr": "^1.4.0",
@@ -154,9 +155,9 @@
     "loglevel-message-prefix": "^3.0.0",
     "lz-string": "^1.5.0",
     "lz4js": "^0.2.0",
-    "markdown-it": "^14.1.1",
+    "markdown-it": "^14.2.0",
     "moment": "^2.30.1",
-    "moment-timezone": "^0.6.1",
+    "moment-timezone": "^0.6.2",
     "ngeohash": "^0.6.3",
     "node-forge": "^1.4.0",
     "node-md6": "^0.1.0",
@@ -168,7 +169,7 @@
     "path": "^0.12.7",
     "popper.js": "^1.16.1",
     "process": "^0.11.10",
-    "protobufjs": "^7.5.5",
+    "protobufjs": "^8.6.2",
     "punycode.js": "^2.3.1",
     "qr-image": "^3.2.0",
     "reflect-metadata": "^0.2.2",
@@ -177,15 +178,15 @@
     "snackbarjs": "^1.1.0",
     "sortablejs": "^1.15.7",
     "split.js": "^1.6.5",
-    "sql-formatter": "^15.7.3",
+    "sql-formatter": "^15.8.1",
     "ssdeep.js": "0.0.3",
     "stream-browserify": "^3.0.0",
-    "tesseract.js": "^6.0.1",
-    "ua-parser-js": "^1.0.41",
+    "tesseract.js": "^7.0.0",
+    "ua-parser-js": "^2.0.10",
     "unorm": "^1.6.0",
     "url": "^0.11.4",
     "utf8": "^3.0.0",
-    "uuid": "^13.0.0",
+    "uuid": "^14.0.0",
     "vkbeautify": "^0.99.3",
     "xpath": "0.0.34",
     "xregexp": "^5.1.2",

package/src/core/config/Categories.json

@@ -49,6 +49,7 @@
             "Escape Unicode Characters",
             "Unescape Unicode Characters",
             "Normalise Unicode",
+            "Escape Smart Characters",
             "To Quoted Printable",
             "From Quoted Printable",
             "To Punycode",
@@ -118,6 +119,7 @@
             "GOST Verify",
             "GOST Key Wrap",
             "GOST Key Unwrap",
+            "ROR13",
             "ROT13",
             "ROT13 Brute Force",
             "ROT47",
@@ -188,6 +190,7 @@
             "Generate PGP Key Pair",
             "PGP Encrypt",
             "PGP Decrypt",
+            "PGP Sign",
             "PGP Verify",
             "PGP Encrypt and Sign",
             "PGP Decrypt and Verify",
@@ -238,6 +241,7 @@
             "Bit shift right",
             "Rotate left",
             "Rotate right",
+            "ROR13",
             "ROT13",
             "ROT8000"
         ]
@@ -303,6 +307,7 @@
             "Diff",
             "Remove whitespace",
             "Remove null bytes",
+            "Remove ANSI Escape Codes",
             "To Upper case",
             "To Lower case",
             "Swap case",
@@ -348,6 +353,7 @@
             "Pseudo-Random Number Generator",
             "Sleep",
             "File Tree",
+            "Wrap",
             "Take nth bytes",
             "Drop nth bytes"
         ]