Skip to content

Commit

Permalink
Update forked xml-encryption for security fix (#387)
Browse files Browse the repository at this point in the history
  • Loading branch information
@tngan
tngan committed Sep 4, 2020
1 parent 56e0a69 commit d2c98cd
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 22 deletions.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,14 @@
},
"license": "MIT",
"dependencies": {
"@authenio/xml-encryption": "^1.2.1",
"camelcase": "^5.3.1",
"node-forge": "^0.10.0",
"node-rsa": "^1.0.5",
"pako": "^1.0.10",
"uuid": "^3.3.2",
"xml": "^1.0.1",
"xml-crypto": "^1.5.3",
"xml-encryption": "^1.1.1",
"xmldom": "^0.1.27",
"xpath": "^0.0.27"
},
Expand Down
2 changes: 1 addition & 1 deletion src/libsaml.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import { select, SelectedValue } from 'xpath';
import { MetadataInterface } from './metadata';
import * as nrsa from 'node-rsa';
import { SignedXml, FileKeyInfo } from 'xml-crypto';
import * as xmlenc from 'xml-encryption';
import * as xmlenc from '@authenio/xml-encryption';
import { extract } from './extractor';
import camelCase from 'camelcase';
import { getContext } from './api';
Expand Down
48 changes: 28 additions & 20 deletions yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,17 @@
# yarn lockfile v1


"@authenio/xml-encryption@^1.2.1":
version "1.2.1"
resolved "https://registry.yarnpkg.com/@authenio/xml-encryption/-/xml-encryption-1.2.1.tgz#765a5cf0e3b3010076d5af88e565d92a54ee4d7b"
integrity sha512-3dVdKRYpUbl7x7L+bhZh+dHD6dg4kmXVU2ky9bNNJkFrLkBfoQ53QvhFv93th8dpJr4v97J6CI5fsEF1A7KYJQ==
dependencies:
async "^2.1.5"
ejs "^2.5.6"
node-forge "^0.10.0"
xmldom "~0.1.15"
xpath "0.0.27"

"@ava/typescript@^1.1.1":
version "1.1.1"
resolved "https://registry.yarnpkg.com/@ava/typescript/-/typescript-1.1.1.tgz#3dcaba3aced8026fdb584d927d809752854dc6e6"
Expand Down Expand Up @@ -441,6 +452,13 @@ astral-regex@^2.0.0:
resolved "https://registry.yarnpkg.com/astral-regex/-/astral-regex-2.0.0.tgz#483143c567aeed4785759c0865786dc77d7d2e31"
integrity sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==

async@^2.1.5:
version "2.6.3"
resolved "https://registry.yarnpkg.com/async/-/async-2.6.3.tgz#d72625e2344a3656e3a3ad4fa749fa83299d82ff"
integrity sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg==
dependencies:
lodash "^4.17.14"

asynckit@^0.4.0:
version "0.4.0"
resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
Expand Down Expand Up @@ -971,6 +989,11 @@ ecc-jsbn@~0.1.1:
jsbn "~0.1.0"
safer-buffer "^2.1.0"

ejs@^2.5.6:
version "2.7.4"
resolved "https://registry.yarnpkg.com/ejs/-/ejs-2.7.4.tgz#48661287573dcc53e366c7a1ae52c3a120eec9ba"
integrity sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==

emittery@^0.6.0:
version "0.6.0"
resolved "https://registry.yarnpkg.com/emittery/-/emittery-0.6.0.tgz#e85312468d77c3ed9a6adf43bb57d34849e0c95a"
Expand Down Expand Up @@ -1015,11 +1038,6 @@ escape-goat@^2.0.0:
resolved "https://registry.yarnpkg.com/escape-goat/-/escape-goat-2.1.1.tgz#1b2dc77003676c457ec760b2dc68edb648188675"
integrity sha512-8/uIhbG12Csjy2JEW7D9pHbreaVaS/OpN3ycnyvElTdwM5n6GY6W6e2IPemfvGZeUMqZ9A/3GqIZMgKnBhAw/Q==

escape-html@^1.0.3:
version "1.0.3"
resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=

escape-string-regexp@^1.0.5:
version "1.0.5"
resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
Expand Down Expand Up @@ -1737,6 +1755,11 @@ lodash@^4.17.13, lodash@^4.17.15:
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==

lodash@^4.17.14:
version "4.17.20"
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz#b44a9b6297bcb698f1c51a3545a2b3b368d59c52"
integrity sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==

log-driver@^1.2.7:
version "1.2.7"
resolved "https://registry.yarnpkg.com/log-driver/-/log-driver-1.2.7.tgz#63b95021f0702fedfa2c9bb0a24e7797d71871d8"
Expand Down Expand Up @@ -1886,11 +1909,6 @@ node-forge@^0.10.0:
resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==

node-forge@^0.7.0:
version "0.7.6"
resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.6.tgz#fdf3b418aee1f94f0ef642cd63486c77ca9724ac"
integrity sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==

node-preload@^0.2.1:
version "0.2.1"
resolved "https://registry.yarnpkg.com/node-preload/-/node-preload-0.2.1.tgz#c03043bb327f417a18fee7ab7ee57b408a144301"
Expand Down Expand Up @@ -2844,16 +2862,6 @@ xml-crypto@^1.5.3:
xmldom "0.1.27"
xpath "0.0.27"

xml-encryption@^1.1.1:
version "1.2.0"
resolved "https://registry.yarnpkg.com/xml-encryption/-/xml-encryption-1.2.0.tgz#37c8b470beae88b4625ea8cad82f108ea0f9c364"
integrity sha512-J3NjGMY8jf6bTo15jURTYBLtsisbnyCeM+MuxtfiAkZEZBnSZpNKjUUORhiOScKvSi6tMOAaZ3r7bZOXOni+Ew==
dependencies:
escape-html "^1.0.3"
node-forge "^0.7.0"
xmldom "~0.1.15"
xpath "0.0.27"

xml@^1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/xml/-/xml-1.0.1.tgz#78ba72020029c5bc87b8a81a3cfcd74b4a2fc1e5"
Expand Down

0 comments on commit d2c98cd

Please sign in to comment.