Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump passport-saml from 1.3.5 to 3.2.2 #162

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate-pagopa[bot]
Copy link

@renovate-pagopa renovate-pagopa bot commented Apr 16, 2024

This PR contains the following updates:

Package Type Update Change
passport-saml dependencies major 1.3.5 -> 3.2.2

For further information on security, please refer to the Confluence page link


Release Notes

node-saml/passport-saml (passport-saml)

v3.2.2

Compare Source

v3.2.1

Compare Source

  • deps: upgrade release-it, npm dedupe (8f3ffcd)
  • deps: npm audit fix (b81c36c)
  • Export AuthenticateOptions type (#​657) (ef1dcfc)
  • test: update error message to match new xml-encryption format. (3e908fa)
  • Update xml-encryption to get rid of vulnerable node-forge (#​667) (b9de63b)

v3.2.0

Compare Source

v3.1.2

Compare Source

v3.1.1

Compare Source

v3.1.0

Compare Source

🐛 Bug Fixes
  • [security] Limit transforms for signed nodes #​595
  • Fix: Conflicting profile properties between profile and attributes #​593
  • Fix validateInResponseTo null check #​596
📚 Documentation
  • Rebuild changelog for 3.0.0 #​605
  • Fix typo OnBefore -> NotBefore #​611
  • Update README with new Cache Provider interface #​608

v3.0.0

Compare Source

💣 Major Changes
  • Update all dependencies to latest #​590
  • Add Node 16 support; drop Node 10 #​589
  • Enforce more secure XML encryption #​584
  • Node saml separation #​574
  • Remove support for deprecated privateCert #​569
  • Require cert for every strategy #​548
🚀 Minor Changes
  • Add optional setting to set a ceiling on how old a SAML response is allowed to be #​577
  • Move XML functions to utility module #​571
  • Improve the typing of the Strategy class hierarchy. #​554
  • Resolve XML-encoded carriage returns during signature validation #​576
  • Make sure CI builds test latest versions of dependencies #​570
  • Add WantAssertionsSigned #​536
  • Update xml-crypto to v2.1.1 #​558
  • Allow for authnRequestBinding in SAML options #​529
🔗 Dependencies
  • Update all packages to latest semver-minor #​588
  • Update xml-encryption to v1.2.3 #​567
  • Revert "Update xml-encryption to v1.2.3" #​564
  • Update xml-encryption to v1.2.3 #​560
  • bump xmldom to 0.5.x since all lower versions have security issue #​551
🐛 Bug Fixes
  • Fix incorrect import of compiled files in tests #​572
📚 Documentation
  • Remove deprecated field privateCert from README, tests #​591
  • Add support for more tags in the changelog #​592
  • Changelog #​587
  • Create of Code of Conduct #​573
  • Update readme on using multiSamlStrategy #​531
⚙️ Technical Tasks
  • Fix lint npm script to match all files including in src/ #​555
  • remove old callback functions, tests use async/await #​545
  • Tests use typescript #​534
  • async / await in cache interface #​532
  • Format code and enforce code style on PR #​527
  • async/await for saml.ts #​496

v2.2.0

Compare Source

  • Resolve XML-encoded carriage returns during signature validation (#​578) (08c626c)
  • Add deprecation notices for renamed variables (#​568) (8114d4c)

v2.1.0

Compare Source

v2.0.6

Compare Source

  • bump xmldom to 0.5.x since all lower versions have security issue (#​551) (3d98c75)

v2.0.5

Compare Source

⚙️ Technical Tasks
  • Ignore test folder when building npm package #​526

v2.0.4

Compare Source

⚙️ Technical Tasks
  • Generating changelog using gren #​518

v2.0.2

Compare Source

🐛 Bug Fixes
  • normalize line endings before signature validation #​498

v2.0.1

Compare Source

🐛 Bug Fixes
  • Add deprecation notice for privateCert; fix bug #​492

v1.5.0

Compare Source

🚀 Minor Changes
  • validateSignature: Support XML docs that contain multiple signed node… #​481
  • validateSignature: Support XML docs that contain multiple signed nodes #​455
🐛 Bug Fixes
  • Revert "validateSignature: Support XML docs that contain multiple signed nodes" #​480
⚙️ Technical Tasks
  • outdated Q library was removed #​478

v1.4.2

Compare Source

⚙️ Technical Tasks
  • Primary files use typescript #​477

v1.4.1

Compare Source

⚙️ Technical Tasks

v1.4.0

Compare Source

💣 Major Changes
🚀 Minor Changes
  • try to use curl when wget is not available #​468
🔗 Dependencies
  • bumped xml-crypto from 1.5.3 to 2.0.0 #​470
  • Upgrade xml-crypto dependency #​465
🐛 Bug Fixes
  • Only make an attribute an object if it has child elements #​464
  • fix: add catch block to NameID decryption #​461
📚 Documentation
⚙️ Technical Tasks
  • Ts secondary files #​474
  • support typescript compilation #​469
  • Add GitHub Actions as Continuos Integration provider #​463


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Copy link

Jira Pull request Link

It seems this Pull Request has no issues that refers to Jira!!!
Please check it out.

Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@renovate-pagopa renovate-pagopa bot force-pushed the renovate/passport-saml-to-3.2.2 branch from 5cd630c to 15114bf Compare June 21, 2024 05:35
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants