@boxyhq/saml20 - npm Package Compare versions

Comparing version 1.4.12 to 1.4.13

dist/metadata.js

@@ -16,4 +16,4 @@ "use strict";
 exports.parseMetadata = void 0;
-const lodash_1 = require("lodash");
 const utils_1 = require("./utils");
+const utils_2 = require("./utils");
 const crypto_1 = __importDefault(require("crypto"));
@@ -36,3 +36,3 @@ const xml2js_1 = __importDefault(require("xml2js"));
             }
-            const entityID = (0, lodash_1.get)(res, 'EntityDescriptor.$.entityID');
+            const entityID = (0, utils_1.getAttribute)(res, 'EntityDescriptor.$.entityID');
             let X509Certificates = [];
@@ -45,5 +45,5 @@ const X509CertificatesWithoutSigningAttr = [];
             let sloPostUrl = null;
-            let ssoDes = (0, lodash_1.get)(res, 'EntityDescriptor.IDPSSODescriptor', null);
+            let ssoDes = (0, utils_1.getAttribute)(res, 'EntityDescriptor.IDPSSODescriptor', null);
             if (!ssoDes) {
-                ssoDes = (0, lodash_1.get)(res, 'EntityDescriptor.SPSSODescriptor', []);
+                ssoDes = (0, utils_1.getAttribute)(res, 'EntityDescriptor.SPSSODescriptor', []);
                 if (ssoDes.length > 0) {
@@ -68,7 +68,7 @@ loginType = 'sp';
                 for (const ssoSvcRec of ssoSvc) {
-                    if ((0, lodash_1.get)(ssoSvcRec, '$.Binding', '').endsWith('HTTP-POST')) {
-                        ssoPostUrl = (0, lodash_1.get)(ssoSvcRec, '$.Location');
+                    if ((0, utils_1.getAttribute)(ssoSvcRec, '$.Binding', '').endsWith('HTTP-POST')) {
+                        ssoPostUrl = (0, utils_1.getAttribute)(ssoSvcRec, '$.Location');
                     }
-                    else if ((0, lodash_1.get)(ssoSvcRec, '$.Binding', '').endsWith('HTTP-Redirect')) {
-                        ssoRedirectUrl = (0, lodash_1.get)(ssoSvcRec, '$.Location');
+                    else if ((0, utils_1.getAttribute)(ssoSvcRec, '$.Binding', '').endsWith('HTTP-Redirect')) {
+                        ssoRedirectUrl = (0, utils_1.getAttribute)(ssoSvcRec, '$.Location');
                     }
@@ -78,7 +78,7 @@ }
                 for (const sloSvcRec of sloSvc) {
-                    if ((0, lodash_1.get)(sloSvcRec, '$.Binding', '').endsWith('HTTP-Redirect')) {
-                        sloRedirectUrl = (0, lodash_1.get)(sloSvcRec, '$.Location');
+                    if ((0, utils_1.getAttribute)(sloSvcRec, '$.Binding', '').endsWith('HTTP-Redirect')) {
+                        sloRedirectUrl = (0, utils_1.getAttribute)(sloSvcRec, '$.Location');
                     }
-                    else if ((0, lodash_1.get)(sloSvcRec, '$.Binding', '').endsWith('HTTP-POST')) {
-                        sloPostUrl = (0, lodash_1.get)(sloSvcRec, '$.Location');
+                    else if ((0, utils_1.getAttribute)(sloSvcRec, '$.Binding', '').endsWith('HTTP-POST')) {
+                        sloPostUrl = (0, utils_1.getAttribute)(sloSvcRec, '$.Location');
                     }
@@ -118,3 +118,3 @@ }
             for (const X509Certificate of X509Certificates) {
-                tPrints.push((0, utils_1.thumbprint)(X509Certificate));
+                tPrints.push((0, utils_2.thumbprint)(X509Certificate));
                 /**
@@ -121,0 +121,0 @@ * new crypto.X509Certificate fails with the X509Certificate cert without

dist/post.js

@@ -6,7 +6,9 @@ "use strict";
     return unsafeHtml
-        .replace(/&/g, '&')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;')
-        .replace(/"/g, '&quot;')
-        .replace(/'/g, '&#039;');
+        ? unsafeHtml
+            .replace(/&/g, '&amp;')
+            .replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&#039;')
+        : unsafeHtml;
 };
@@ -13,0 +15,0 @@ const createPostForm = (postUrl, params) => {

dist/saml20.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-const lodash_1 = require("lodash");
+const utils_1 = require("./utils");
 const permanentNameIdentifier = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';
@@ -44,3 +44,3 @@ const nameIdentifierClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier';
 function getExtendedProp(obj, prop, extraProp) {
-    let result = prop ? (0, lodash_1.get)(obj, prop) : obj;
+    let result = prop ? (0, utils_1.getAttribute)(obj, prop) : obj;
     const format = result && result['@'] && result['@'].Format ? result['@'].Format : null;
@@ -72,3 +72,3 @@ if (result && result._) {
     let claims = {};
-    let attributes = (0, lodash_1.get)(assertion, 'AttributeStatement.Attribute');
+    let attributes = (0, utils_1.getAttribute)(assertion, 'AttributeStatement.Attribute');
     if (attributes) {
@@ -75,0 +75,0 @@ attributes = attributes instanceof Array ? attributes : [attributes];

dist/utils.d.ts

 declare const parseFromString: (xmlString: string) => Document;
 declare const thumbprint: (cert: string) => string;
-export { parseFromString, thumbprint };
+declare const getAttribute: <TDefault = unknown>(value: any, path: string, defaultValue?: TDefault | undefined) => TDefault;
+export { parseFromString, thumbprint, getAttribute };

dist/utils.js

@@ -6,3 +6,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.thumbprint = exports.parseFromString = void 0;
+exports.getAttribute = exports.thumbprint = exports.parseFromString = void 0;
 const xmldom_1 = require("@xmldom/xmldom");
@@ -54,1 +54,19 @@ const crypto_1 = __importDefault(require("crypto"));
 exports.thumbprint = thumbprint;
+const getAttribute = (value, path, defaultValue) => {
+    const segments = path.split(/[\.\[\]]/g); // eslint-disable-line no-useless-escape
+    let current = value;
+    for (const key of segments) {
+        if (current === null)
+            return defaultValue;
+        if (current === undefined)
+            return defaultValue;
+        const dequoted = key.replace(/['"]/g, '');
+        if (dequoted.trim() === '')
+            continue;
+        current = current[dequoted];
+    }
+    if (current === undefined)
+        return defaultValue;
+    return current;
+};
+exports.getAttribute = getAttribute;

package.json

 {
   "name": "@boxyhq/saml20",
-  "version": "1.4.12",
+  "version": "1.4.13",
   "description": "SAML 2.0 token parser for Node.js",
@@ -43,3 +43,2 @@ "keywords": [
     "@xmldom/xmldom": "0.8.10",
-    "lodash": "4.17.21",
     "xml-crypto": "6.0.0",
@@ -52,7 +51,7 @@ "xml-encryption": "3.0.2",
     "@types/mocha": "10.0.6",
-    "@types/node": "20.11.19",
+    "@types/node": "20.11.24",
     "@types/xml2js": "0.4.14",
-    "@typescript-eslint/eslint-plugin": "7.0.2",
-    "@typescript-eslint/parser": "7.0.2",
-    "eslint": "8.56.0",
+    "@typescript-eslint/eslint-plugin": "7.1.1",
+    "@typescript-eslint/parser": "7.1.1",
+    "eslint": "8.57.0",
     "eslint-config-prettier": "9.1.0",
@@ -59,0 +58,0 @@ "mocha": "10.3.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

62770

increased by1.46%

Dependency count

5

decreased by-16.67%

Lines of code

1322

increased by1.61%

Dependency changes

• - Removedlodash@4.17.21

• - Removedlodash@4.17.21(transitive)