Bump passport-saml from 1.3.5 to 3.2.2

[renovate-pagopa]

This PR contains the following updates:

Package	Type	Update	Change
passport-saml	dependencies	major	1.3.5 -> 3.2.2

For further information on security, please refer to the Confluence page link

---

Release Notes

node-saml/passport-saml (passport-saml)

v3.2.2

Compare Source

• Merge pull request from GHSA-m974-647v-whv7 (8b7e3f5)

v3.2.1

Compare Source

• deps: upgrade release-it, npm dedupe (8f3ffcd)
• deps: npm audit fix (b81c36c)
• Export AuthenticateOptions type (#​657) (ef1dcfc)
• test: update error message to match new xml-encryption format. (3e908fa)
• Update xml-encryption to get rid of vulnerable node-forge (#​667) (b9de63b)

v3.2.0

Compare Source

• Update dependencies (#​640) (e21a04b)

v3.1.2

Compare Source

• Update xmldom to 0.7.2 (#​633) (9aef839)

v3.1.1

Compare Source

• Patch algorithm definitions (#​625) (d782971)

v3.1.0

Compare Source

🐛 Bug Fixes

• [security] Limit transforms for signed nodes #​595
• Fix: Conflicting profile properties between profile and attributes #​593
• Fix validateInResponseTo null check #​596

📚 Documentation

• Rebuild changelog for 3.0.0 #​605
• Fix typo OnBefore -> NotBefore #​611
• Update README with new Cache Provider interface #​608

---

v3.0.0

Compare Source

💣 Major Changes

• Update all dependencies to latest #​590
• Add Node 16 support; drop Node 10 #​589
• Enforce more secure XML encryption #​584
• Node saml separation #​574
• Remove support for deprecated privateCert #​569
• Require cert for every strategy #​548

🚀 Minor Changes

• Add optional setting to set a ceiling on how old a SAML response is allowed to be #​577
• Move XML functions to utility module #​571
• Improve the typing of the Strategy class hierarchy. #​554
• Resolve XML-encoded carriage returns during signature validation #​576
• Make sure CI builds test latest versions of dependencies #​570
• Add WantAssertionsSigned #​536
• Update xml-crypto to v2.1.1 #​558
• Allow for authnRequestBinding in SAML options #​529

🔗 Dependencies

• Update all packages to latest semver-minor #​588
• Update xml-encryption to v1.2.3 #​567
• Revert "Update xml-encryption to v1.2.3" #​564
• Update xml-encryption to v1.2.3 #​560
• bump xmldom to 0.5.x since all lower versions have security issue #​551

🐛 Bug Fixes

• Fix incorrect import of compiled files in tests #​572

📚 Documentation

• Remove deprecated field privateCert from README, tests #​591
• Add support for more tags in the changelog #​592
• Changelog #​587
• Create of Code of Conduct #​573
• Update readme on using multiSamlStrategy #​531

⚙️ Technical Tasks

• Fix lint npm script to match all files including in src/ #​555
• remove old callback functions, tests use async/await #​545
• Tests use typescript #​534
• async / await in cache interface #​532
• Format code and enforce code style on PR #​527
• async/await for saml.ts #​496

---

v2.2.0

Compare Source

• Resolve XML-encoded carriage returns during signature validation (#​578) (08c626c)
• Add deprecation notices for renamed variables (#​568) (8114d4c)

v2.1.0

Compare Source

• Update xml-encryption to v1.2.3 (#​566) (7fcd8b6)
• Revert "Update xml-encryption to v1.2.3 (#​562)" (#​565) (2833848)
• Update xml-encryption to v1.2.3 (#​562) (e5f1151)
• Update xml-crypto to v2.1.1 (#​557) (b589bd7)

v2.0.6

Compare Source

• bump xmldom to 0.5.x since all lower versions have security issue (#​551) (3d98c75)

v2.0.5

Compare Source

⚙️ Technical Tasks

• Ignore test folder when building npm package #​526

---

v2.0.4

Compare Source

⚙️ Technical Tasks

• Generating changelog using gren #​518

---

v2.0.2

Compare Source

🐛 Bug Fixes

• normalize line endings before signature validation #​498

---

v2.0.1

Compare Source

🐛 Bug Fixes

• Add deprecation notice for privateCert; fix bug #​492

---

v1.5.0

Compare Source

🚀 Minor Changes

• validateSignature: Support XML docs that contain multiple signed node… #​481
• validateSignature: Support XML docs that contain multiple signed nodes #​455

🐛 Bug Fixes

• Revert "validateSignature: Support XML docs that contain multiple signed nodes" #​480

⚙️ Technical Tasks

• outdated Q library was removed #​478

---

v1.4.2

Compare Source

⚙️ Technical Tasks

• Primary files use typescript #​477

---

v1.4.1

Compare Source

⚙️ Technical Tasks

• compatibility with @​types/passport-saml, fixes #​475 #​476

---

v1.4.0

Compare Source

💣 Major Changes

• Drop support for Node 8 #​462

🚀 Minor Changes

• try to use curl when wget is not available #​468

🔗 Dependencies

• bumped xml-crypto from 1.5.3 to 2.0.0 #​470
• Upgrade xml-crypto dependency #​465

🐛 Bug Fixes

• Only make an attribute an object if it has child elements #​464
• fix: add catch block to NameID decryption #​461

📚 Documentation

• Add PR template #​473
• Fix typo #​434

⚙️ Technical Tasks

• Ts secondary files #​474
• support typescript compilation #​469
• Add GitHub Actions as Continuos Integration provider #​463

---

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

Jira Pull request Link

It seems this Pull Request has no issues that refers to Jira!!!
Please check it out.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud