Skip to content

Bump passport-saml from 1.3.5 to 3.2.2#105

Open
renovate-pagopa[bot] wants to merge 1 commit intomasterfrom
renovate/passport-saml-to-3.2.2
Open

Bump passport-saml from 1.3.5 to 3.2.2#105
renovate-pagopa[bot] wants to merge 1 commit intomasterfrom
renovate/passport-saml-to-3.2.2

Conversation

@renovate-pagopa
Copy link

@renovate-pagopa renovate-pagopa bot commented Jan 20, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
passport-saml 1.3.5 -> 3.2.2 age confidence

For further information on security, please refer to the Confluence page link

Release Notes

node-saml/passport-saml (passport-saml)

v3.2.2

Compare Source

v3.2.1

Compare Source

  • deps: upgrade release-it, npm dedupe (8f3ffcd)
  • deps: npm audit fix (b81c36c)
  • Export AuthenticateOptions type (#​657) (ef1dcfc)
  • test: update error message to match new xml-encryption format. (3e908fa)
  • Update xml-encryption to get rid of vulnerable node-forge (#​667) (b9de63b)

v3.2.0

Compare Source

v3.1.2

Compare Source

v3.1.1

Compare Source

💣 Major Changes
🚀 Minor Changes
  • Add support for multiple signing certs in metadata #​655
🔗 Dependencies
🐛 Bug Fixes
  • add MultiStrategyConfig type export #​675
📚 Documentation
  • Update changelog and changelog building tools #​774
  • Update badges for scoped package #​710
  • Update badges for scoped package #​709
  • docs: move history note to the bottom and expand it. #​708
  • Update README to remove an insecure suggestion #​704
  • Document passive option #​660
  • Read me update for authnContext example for ADFS #​647
⚙️ Technical Tasks
  • Clean working folder before doing a release build #​793
  • Update changelog build tools #​792
  • Add prerelease script #​775
  • Reduce dependabot update frequency #​765
  • Have dependabot update package.json too #​764
  • Have dependabot update package.json too #​724
  • Add dependabot config file #​711
  • Move to NPM organization #​705
  • Add code coverage workflow #​706
  • Replace integration tests with unit tests #​702
  • Add code coverage #​701
  • Adjust .mochars.json #​699
  • Migrate from "should" to "chai" #​687
  • Update issue templates #​652
  • Fix main path in package.json #​623

v3.1.0

Compare Source

💣 Major Changes
🚀 Minor Changes
  • Add support for multiple signing certs in metadata #​655
🔗 Dependencies
🐛 Bug Fixes
  • add MultiStrategyConfig type export #​675
📚 Documentation
  • Update changelog and changelog building tools #​774
  • Update badges for scoped package #​710
  • Update badges for scoped package #​709
  • docs: move history note to the bottom and expand it. #​708
  • Update README to remove an insecure suggestion #​704
  • Document passive option #​660
  • Read me update for authnContext example for ADFS #​647
⚙️ Technical Tasks
  • Clean working folder before doing a release build #​793
  • Update changelog build tools #​792
  • Add prerelease script #​775
  • Reduce dependabot update frequency #​765
  • Have dependabot update package.json too #​764
  • Have dependabot update package.json too #​724
  • Add dependabot config file #​711
  • Move to NPM organization #​705
  • Add code coverage workflow #​706
  • Replace integration tests with unit tests #​702
  • Add code coverage #​701
  • Adjust .mochars.json #​699
  • Migrate from "should" to "chai" #​687
  • Update issue templates #​652
  • Fix main path in package.json #​623

v3.0.0

Compare Source

🐛 Bug Fixes
  • [security] Limit transforms for signed nodes #​595
  • Fix: Conflicting profile properties between profile and attributes #​593
  • Fix validateInResponseTo null check #​596
📚 Documentation
  • Rebuild changelog for 3.0.0 #​605
  • Fix typo OnBefore -> NotBefore #​611
  • Update README with new Cache Provider interface #​608

v2.2.0

Compare Source

  • Resolve XML-encoded carriage returns during signature validation (#​578) (08c626c)
  • Add deprecation notices for renamed variables (#​568) (8114d4c)

v2.1.0

Compare Source

v2.0.6

Compare Source

  • bump xmldom to 0.5.x since all lower versions have security issue (#​551) (3d98c75)

v2.0.5

Compare Source

⚙️ Technical Tasks
  • Ignore test folder when building npm package #​526

v2.0.4

Compare Source

⚙️ Technical Tasks
  • Generating changelog using gren #​518

v2.0.2

Compare Source

🐛 Bug Fixes
  • normalize line endings before signature validation #​498

v2.0.1

Compare Source

🐛 Bug Fixes
  • Add deprecation notice for privateCert; fix bug #​492

v1.5.0

Compare Source

🚀 Minor Changes
  • validateSignature: Support XML docs that contain multiple signed node… #​481
  • validateSignature: Support XML docs that contain multiple signed nodes #​455
🐛 Bug Fixes
  • Revert "validateSignature: Support XML docs that contain multiple signed nodes" #​480
⚙️ Technical Tasks
  • outdated Q library was removed #​478

v1.4.2

Compare Source

⚙️ Technical Tasks
  • Primary files use typescript #​477

v1.4.1

Compare Source

⚙️ Technical Tasks

v1.4.0

Compare Source

💣 Major Changes
🚀 Minor Changes
  • try to use curl when wget is not available #​468
🔗 Dependencies
  • bumped xml-crypto from 1.5.3 to 2.0.0 #​470
  • Upgrade xml-crypto dependency #​465
🐛 Bug Fixes
  • Only make an attribute an object if it has child elements #​464
  • fix: add catch block to NameID decryption #​461
📚 Documentation
⚙️ Technical Tasks
  • Ts secondary files #​474
  • support typescript compilation #​469
  • Add GitHub Actions as Continuos Integration provider #​463

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@github-actions
Copy link

github-actions bot commented Jan 20, 2025

Jira Pull request Link

It seems this Pull Request has no issues that refers to Jira!!!
Please check it out.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 20, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate-pagopa renovate-pagopa bot force-pushed the renovate/passport-saml-to-3.2.2 branch from cd389d0 to c068dac Compare March 20, 2025 04:42
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 20, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate-pagopa renovate-pagopa bot changed the title Bump passport-saml from 1.3.5 to 3.2.2 Bump passport-saml from 1.3.5 to 3.2.2 - autoclosed Aug 5, 2025
@renovate-pagopa renovate-pagopa bot closed this Aug 5, 2025
@renovate-pagopa renovate-pagopa bot deleted the renovate/passport-saml-to-3.2.2 branch August 5, 2025 04:52
@renovate-pagopa renovate-pagopa bot restored the renovate/passport-saml-to-3.2.2 branch August 5, 2025 08:52
@renovate-pagopa renovate-pagopa bot changed the title Bump passport-saml from 1.3.5 to 3.2.2 - autoclosed Bump passport-saml from 1.3.5 to 3.2.2 Aug 5, 2025
@renovate-pagopa renovate-pagopa bot reopened this Aug 5, 2025
@renovate-pagopa renovate-pagopa bot force-pushed the renovate/passport-saml-to-3.2.2 branch from c068dac to 2d85e2d Compare August 5, 2025 08:53
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 5, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants