@boxyhq/saml20 - npm Package Compare versions

Comparing version 1.0.12 to 1.0.13

dist/decrypt.js

@@ -38,3 +38,3 @@ "use strict";
     }
-    return xmlenc.decrypt(encryptedAssertions[0].toString(), { key: options.privateKey }, (err, res) => {
+    return xmlenc.decrypt(encryptedAssertions[0], { key: options.privateKey }, (err, res) => {
         if (err) {
@@ -47,3 +47,4 @@ return new Error('Error Exception of Assertion Decryption.');
         const assertionNode = new xmldom_1.DOMParser().parseFromString(res);
-        xml.replaceChild(assertionNode, encryptedAssertions[0]);
+        xml.documentElement.removeChild(encryptedAssertions[0]);
+        xml.documentElement.appendChild(assertionNode);
         return xml.toString();
@@ -56,3 +57,23 @@ });
     }
-    const xml = new xmldom_1.DOMParser().parseFromString(entireXML);
+    const errors = {};
+    let multiRootErrFound = false;
+    const errorHandler = (key, msg) => {
+        if (!errors[key])
+            errors[key] = [];
+        if (msg.indexOf('Only one element can be added and only after doctype')) {
+            if (!multiRootErrFound) {
+                multiRootErrFound = true;
+                errors[key].push(msg);
+            }
+        }
+        else {
+            errors[key].push(msg);
+        }
+    };
+    const xml = new xmldom_1.DOMParser({ errorHandler }).parseFromString(entireXML);
+    Object.keys(errors).forEach((key) => {
+        if (errors[key].indexOf('Only one element can be added and only after doctype')) {
+            throw new Error('multirooted xml not allowed.');
+        }
+    });
     const rootNodeCount = (0, utils_1.countRootNodes)(xml);
@@ -59,0 +80,0 @@ if (rootNodeCount > 1) {

package.json

 {
   "name": "@boxyhq/saml20",
-  "version": "1.0.12",
+  "version": "1.0.13",
   "description": "SAML 2.0 token parser for Node.js",
@@ -49,3 +49,3 @@ "keywords": [
   "dependencies": {
-    "@xmldom/xmldom": "0.8.3",
+    "@xmldom/xmldom": "0.8.6",
     "lodash": "4.17.21",
@@ -55,3 +55,3 @@ "rambda": "7.3.0",
     "xml-crypto": "3.0.1",
-    "xml-encryption": "3.0.1",
+    "xml-encryption": "3.0.2",
     "xml2js": "0.4.23",
@@ -61,11 +61,11 @@ "xmlbuilder": "15.1.1"
   "devDependencies": {
-    "@types/chai": "4.3.3",
+    "@types/chai": "4.3.4",
     "@types/mocha": "10.0.0",
     "@types/node": "18.11.9",
-    "@typescript-eslint/eslint-plugin": "5.41.0",
-    "@typescript-eslint/parser": "5.42.0",
-    "chai": "4.3.6",
+    "@typescript-eslint/eslint-plugin": "5.43.0",
+    "@typescript-eslint/parser": "5.43.0",
+    "chai": "4.3.7",
     "eslint": "8.27.0",
     "eslint-config-prettier": "8.5.0",
-    "husky": "8.0.1",
+    "husky": "8.0.2",
     "lint-staged": "13.0.3",
@@ -77,5 +77,5 @@ "mocha": "10.1.0",
     "tsconfig-paths": "4.1.0",
-    "typescript": "4.8.4"
+    "typescript": "4.9.3"
   },
   "readmeFilename": "README.md"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

44645

increased by1.64%

Lines of code

926

increased by2.32%

Dependency changes

• + Added@xmldom/xmldom@0.8.6(transitive)

• + Addedxml-encryption@3.0.2(transitive)

• - Removed@xmldom/xmldom@0.8.100.8.3(transitive)

• - Removedxml-encryption@3.0.1(transitive)

• Updated@xmldom/xmldom@0.8.6

• Updatedxml-encryption@3.0.2