Bump xml-crypto from 1.4.0 to 2.1.6 - autoclosed#107

Closed

renovate-pagopa[bot] wants to merge 1 commit intomasterfrom

renovate/xml-crypto-to-2.1.6

renovate-pagopa bot commented Mar 17, 2025

This PR contains the following updates:

Package	Type	Update	Change
xml-crypto	dependencies	major	`^1.4.0` -> `^2.0.0`

For further information on security, please refer to the Confluence page link

Release Notes

node-saml/xml-crypto (xml-crypto)

`v2.1.6`

Full Changelog: node-saml/xml-crypto@v2.1.5...v2.1.6

This addresses two critical CVE:

Please note that this version of xml-crypto is an older version of this library and you are encouraged to update to the latest release. This fix was provided because of the severity of the issue and doesn't include other enhancements, security or otherwise, that have been otherwise made to the latest releases.

`v2.1.5`

What's Changed

2.1.5: bump @xmldom/xmldom to 0.7.9 by @jncr in https://github.com/yaronn/xml-crypto/pull/263

New Contributors

@jncr made their first contribution in https://github.com/yaronn/xml-crypto/pull/263

Full Changelog: node-saml/xml-crypto@v2.1.4...v2.1.5

`v2.1.4`

🐛 Bug Fixes

[bug] Correct behavior for XML canonicalization with namespaces and nested elements #242

`v2.1.3`

🔗 Dependencies

[dependencies] [javascript] [security] Update xmldom to 0.7.0 #236
[dependencies] [java] Bump commons-io from 2.4 to 2.7 in /test/validators/XmlCryptoJava #229

`v2.1.2`

No changelog for this release.

`v2.1.1`

No changelog for this release.

`v2.1.0`

🔗 Dependencies

[dependencies] [javascript] Bump xmldom from 0.1.27 to 0.5.0 #225
[dependencies] [java] Bump junit from 4.12 to 4.13.1 in /test/validators/XmlCryptoJava #217

🐛 Bug Fixes

[bug] fix for #201 #218

⚙️ Technical Tasks

[chore] Don't pull the example folder into the module build #220

`v2.0.0`

No changelog for this release.

`v1.5.6`

Update xmldom to 0.7.0 (#236)

`v1.5.5`

`v1.5.4`

Updated xmldom (06831c5)

`v1.5.3`

🚀 Minor Changes

[enhancement] Async response for built in algo sign/verify #209

`v1.5.2`

No changelog for this release.

`v1.5.1`

🐛 Bug Fixes

[bug] Test suites of other projects (mocha) that include v1.5.0 fail #207

`v1.5.0`

🚀 Minor Changes

[enhancement] Add callback options to sign/verify asynchronously #206

`v1.4.1`

🔗 Dependencies

[dependencies] Bump js-yaml from 3.12.0 to 3.13.1 #205

🐛 Bug Fixes

[bug] validation instruction typo #192
[bug] Fixes line end and white space normalization. #196

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.


          Bump xml-crypto from 1.4.0 to 2.1.6

83efefc

renovate-pagopa bot added the OER label

github-actions bot commented Mar 17, 2025

Jira Pull request Link

It seems this Pull Request has no issues that refers to Jira!!!
Please check it out.

sonarqubecloud bot commented Mar 17, 2025

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

renovate-pagopa bot changed the title ~~Bump xml-crypto from 1.4.0 to 2.1.6~~ Bump xml-crypto from 1.4.0 to 2.1.6 - autoclosed

renovate-pagopa bot closed this

renovate-pagopa bot deleted the renovate/xml-crypto-to-2.1.6 branch

March 20, 2025 04:42

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

OER