New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump passport-saml from 1.3.5 to 3.2.2 #162

Open

renovate-pagopa wants to merge 1 commit into master from renovate/passport-saml-to-3.2.2

+40 −39

renovate-pagopa bot commented Apr 16, 2024 •

edited

Loading

This PR contains the following updates:

Package	Type	Update	Change
passport-saml	dependencies	major	`1.3.5` -> `3.2.2`

For further information on security, please refer to the Confluence page link

Release Notes

node-saml/passport-saml (passport-saml)

`v3.2.2`

Merge pull request from GHSA-m974-647v-whv7 (8b7e3f5)

`v3.2.1`

deps: upgrade release-it, npm dedupe (8f3ffcd)
deps: npm audit fix (b81c36c)
Export AuthenticateOptions type (#657) (ef1dcfc)
test: update error message to match new xml-encryption format. (3e908fa)
Update xml-encryption to get rid of vulnerable node-forge (#667) (b9de63b)

`v3.2.0`

Update dependencies (#640) (e21a04b)

`v3.1.2`

Update xmldom to 0.7.2 (#633) (9aef839)

`v3.1.1`

Patch algorithm definitions (#625) (d782971)

`v3.1.0`

🐛 Bug Fixes

[security] Limit transforms for signed nodes #595
Fix: Conflicting profile properties between profile and attributes #593
Fix validateInResponseTo null check #596

📚 Documentation

Rebuild changelog for 3.0.0 #605
Fix typo OnBefore -> NotBefore #611
Update README with new Cache Provider interface #608

`v3.0.0`

💣 Major Changes

Update all dependencies to latest #590
Add Node 16 support; drop Node 10 #589
Enforce more secure XML encryption #584
Node saml separation #574
Remove support for deprecated privateCert #569
Require cert for every strategy #548

🚀 Minor Changes

Add optional setting to set a ceiling on how old a SAML response is allowed to be #577
Move XML functions to utility module #571
Improve the typing of the Strategy class hierarchy. #554
Resolve XML-encoded carriage returns during signature validation #576
Make sure CI builds test latest versions of dependencies #570
Add WantAssertionsSigned #536
Update xml-crypto to v2.1.1 #558
Allow for authnRequestBinding in SAML options #529

🔗 Dependencies

Update all packages to latest semver-minor #588
Update xml-encryption to v1.2.3 #567
Revert "Update xml-encryption to v1.2.3" #564
Update xml-encryption to v1.2.3 #560
bump xmldom to 0.5.x since all lower versions have security issue #551

🐛 Bug Fixes

Fix incorrect import of compiled files in tests #572

📚 Documentation

Remove deprecated field privateCert from README, tests #591
Add support for more tags in the changelog #592
Changelog #587
Create of Code of Conduct #573
Update readme on using multiSamlStrategy #531

⚙️ Technical Tasks

Fix lint npm script to match all files including in src/ #555
remove old callback functions, tests use async/await #545
Tests use typescript #534
async / await in cache interface #532
Format code and enforce code style on PR #527
async/await for saml.ts #496

`v2.2.0`

Resolve XML-encoded carriage returns during signature validation (#578) (08c626c)
Add deprecation notices for renamed variables (#568) (8114d4c)

`v2.1.0`

Update xml-encryption to v1.2.3 (#566) (7fcd8b6)
Revert "Update xml-encryption to v1.2.3 (#562)" (#565) (2833848)
Update xml-encryption to v1.2.3 (#562) (e5f1151)
Update xml-crypto to v2.1.1 (#557) (b589bd7)

`v2.0.6`

bump xmldom to 0.5.x since all lower versions have security issue (#551) (3d98c75)

`v2.0.5`

⚙️ Technical Tasks

Ignore test folder when building npm package #526

`v2.0.4`

⚙️ Technical Tasks

Generating changelog using gren #518

`v2.0.2`

🐛 Bug Fixes

normalize line endings before signature validation #498

`v2.0.1`

🐛 Bug Fixes

Add deprecation notice for privateCert; fix bug #492

`v1.5.0`

🚀 Minor Changes

validateSignature: Support XML docs that contain multiple signed node… #481
validateSignature: Support XML docs that contain multiple signed nodes #455

🐛 Bug Fixes

Revert "validateSignature: Support XML docs that contain multiple signed nodes" #480

⚙️ Technical Tasks

outdated Q library was removed #478

`v1.4.2`

⚙️ Technical Tasks

Primary files use typescript #477

`v1.4.1`

⚙️ Technical Tasks

compatibility with @types/passport-saml, fixes #475 #476

`v1.4.0`

💣 Major Changes

Drop support for Node 8 #462

🚀 Minor Changes

try to use curl when wget is not available #468

🔗 Dependencies

bumped xml-crypto from 1.5.3 to 2.0.0 #470
Upgrade xml-crypto dependency #465

🐛 Bug Fixes

Only make an attribute an object if it has child elements #464
fix: add catch block to NameID decryption #461

📚 Documentation

Add PR template #473
Fix typo #434

⚙️ Technical Tasks

Ts secondary files #474
support typescript compilation #469
Add GitHub Actions as Continuos Integration provider #463

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

renovate-pagopa bot requested a review from BurnedMarshal as a code owner

April 16, 2024 07:07

renovate-pagopa bot added the OER label

renovate-pagopa bot requested review from gunzip, francescopersico, AleDore, balanza, gquadrati and arcogabbo as code owners

April 16, 2024 07:07

github-actions bot commented Apr 16, 2024

Jira Pull request Link

It seems this Pull Request has no issues that refers to Jira!!!
Please check it out.

sonarcloud bot commented Apr 16, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud


          Bump passport-saml from 1.3.5 to 3.2.2

15114bf

renovate-pagopa bot force-pushed the renovate/passport-saml-to-3.2.2 branch from 5cd630c to 15114bf Compare

June 21, 2024 05:35

sonarcloud bot commented Jun 21, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

BurnedMarshal Awaiting requested review from BurnedMarshal BurnedMarshal is a code owner

gunzip Awaiting requested review from gunzip gunzip is a code owner

francescopersico Awaiting requested review from francescopersico francescopersico is a code owner

AleDore Awaiting requested review from AleDore AleDore is a code owner

balanza Awaiting requested review from balanza

gquadrati Awaiting requested review from gquadrati gquadrati is a code owner

arcogabbo Awaiting requested review from arcogabbo arcogabbo is a code owner

At least 1 approving review is required to merge this pull request.