Update forked xml-encryption for security fix (#387)

tngan · Sep 4, 2020 · 06a8b9c · 06a8b9c
1 parent 56e0a69
commit 06a8b9c
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 17 deletions.
diff --git a/package.json b/package.json
@@ -31,14 +31,14 @@
   },
   "license": "MIT",
   "dependencies": {
+    "@authenio/xml-encryption": "^1.2.2",
     "camelcase": "^5.3.1",
     "node-forge": "^0.10.0",
     "node-rsa": "^1.0.5",
     "pako": "^1.0.10",
     "uuid": "^3.3.2",
     "xml": "^1.0.1",
     "xml-crypto": "^1.5.3",
-    "xml-encryption": "^1.1.1",
     "xmldom": "^0.1.27",
     "xpath": "^0.0.27"
   },

diff --git a/src/libsaml.ts b/src/libsaml.ts
@@ -11,7 +11,7 @@ import { select, SelectedValue } from 'xpath';
 import { MetadataInterface } from './metadata';
 import * as nrsa from 'node-rsa';
 import { SignedXml, FileKeyInfo } from 'xml-crypto';
-import * as xmlenc from 'xml-encryption';
+import * as xmlenc from '@authenio/xml-encryption';
 import { extract } from './extractor';
 import camelCase from 'camelcase';
 import { getContext } from './api';

diff --git a/yarn.lock b/yarn.lock
@@ -2,6 +2,16 @@
 # yarn lockfile v1
 
 
+"@authenio/xml-encryption@^1.2.2":
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/@authenio/xml-encryption/-/xml-encryption-1.2.2.tgz#87cbfe7a9efa9e283ba4c743f9ba5b4f6e06d36c"
+  integrity sha512-DARJx+HwQ/jgVF+rOFwYFDWqFIZGueIKmwSRsTBPlEw9tkCFWWv53MdwScKfVX0tiZFNJshRR99fdKnzXnxyvg==
+  dependencies:
+    escape-html "^1.0.3"
+    node-forge "^0.10.0"
+    xmldom "~0.1.15"
+    xpath "0.0.27"
+
 "@ava/typescript@^1.1.1":
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/@ava/typescript/-/typescript-1.1.1.tgz#3dcaba3aced8026fdb584d927d809752854dc6e6"
@@ -1886,11 +1896,6 @@ node-forge@^0.10.0:
   resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
   integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
 
-node-forge@^0.7.0:
-  version "0.7.6"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.6.tgz#fdf3b418aee1f94f0ef642cd63486c77ca9724ac"
-  integrity sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==
-
 node-preload@^0.2.1:
   version "0.2.1"
   resolved "https://registry.yarnpkg.com/node-preload/-/node-preload-0.2.1.tgz#c03043bb327f417a18fee7ab7ee57b408a144301"
@@ -2844,16 +2849,6 @@ xml-crypto@^1.5.3:
     xmldom "0.1.27"
     xpath "0.0.27"
 
-xml-encryption@^1.1.1:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/xml-encryption/-/xml-encryption-1.2.0.tgz#37c8b470beae88b4625ea8cad82f108ea0f9c364"
-  integrity sha512-J3NjGMY8jf6bTo15jURTYBLtsisbnyCeM+MuxtfiAkZEZBnSZpNKjUUORhiOScKvSi6tMOAaZ3r7bZOXOni+Ew==
-  dependencies:
-    escape-html "^1.0.3"
-    node-forge "^0.7.0"
-    xmldom "~0.1.15"
-    xpath "0.0.27"
-
 xml@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/xml/-/xml-1.0.1.tgz#78ba72020029c5bc87b8a81a3cfcd74b4a2fc1e5"