@node-saml/node-saml - npm Package Versions

5.0.0 (2024-02-27)

💣 Major Changes

  • Update minor dependencies and Node to 18 #344
  • Rename cert to idpCert and signingCert to publicCert #343
  • Update to current Node versions #342
  • Upgrade to latest version of xml-crypto #341
  • Fix spelling and normalize naming #278
  • Export types required for SamlOptions #224
  • Simplify callback URL options; remove path, protocol, and host. #214

🚀 Minor Changes

  • Added X509 certificate to KeyInfo X509Data, if passed through options #36
  • Export generateServiceProviderMetadata #337
  • Fixes node-saml not checking all Audiences in an AudienceRestriction #340
  • Add public key support #225
  • feat: support additionalParams on HTTP-POST binding #263
  • Improve audience mismatch error message #257

🔗 Dependencies

  • [javascript] Bump release-it from 16.3.0 to 17.0.5 #348
  • [javascript] Bump eslint-plugin-prettier from 4.2.1 to 5.1.3 #346
  • [javascript] Bump eslint-config-prettier from 8.10.0 to 9.1.0 #345
  • [javascript] Bump eslint-plugin-deprecation from 1.5.0 to 2.0.0 #347
  • [javascript] Bump sinon and @types/sinon #349
  • [github_actions] Bump actions/checkout from 3 to 4 #330
  • [javascript] Bump prettier from 2.8.8 to 3.0.0 #300
  • [javascript] Bump prettier-plugin-packagejson from 2.4.3 to 2.4.5 #307
  • [javascript] Bump eslint from 8.42.0 to 8.45.0 #306
  • [javascript] Bump release-it from 15.11.0 to 16.1.3 #305
  • [javascript] Bump @cjbarth/github-release-notes from 4.0.0 to 4.1.0 #304
  • [javascript] Bump @types/node from 14.18.50 to 14.18.53 #303
  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.59.9 to 5.62.0 #302
  • [javascript] Bump @xmldom/xmldom from 0.8.8 to 0.8.10 #301
  • [javascript] Bump @typescript-eslint/parser from 5.59.9 to 5.62.0 #299
  • [javascript] Bump word-wrap from 1.2.3 to 1.2.4 #298
  • [javascript] Bump sinon from 14.0.2 to 15.2.0 #294
  • [javascript] Bump typescript from 4.8.4 to 5.1.6 #293
  • [javascript] Bump @typescript-eslint/parser from 5.59.9 to 5.60.1 #292
  • [javascript] Bump concurrently from 7.6.0 to 8.2.0 #290
  • Remove dependency on Passport types #296
  • Remove express dependency #284
  • Update minor dependencies #283
  • [github_actions] Bump codecov/codecov-action from 3.1.1 to 3.1.4 #279
  • [javascript] Bump @typescript-eslint/parser from 5.58.0 to 5.59.8 #281
  • [javascript] Bump prettier from 2.8.7 to 2.8.8 #274
  • [javascript] Bump json5 from 2.2.1 to 2.2.3 #244
  • [javascript] Bump vm2 from 3.9.16 to 3.9.19 #277
  • Update minor dependencies #269

🐛 Bug Fixes

  • Fix metadata order #334

📚 Documentation

  • Roll-up changelog entries for beta releases #282

⚙️ Technical Tasks

  • Add test coverage for initialize() of saml.ts #327
  • Add tests for XML parsing with comments #285
  • Separate linting out from testing #288
  • Add test coverage #287
  • Prefer Chai expect to Node assert #286
  • Remove types specific to Passport #226
  • Acknowledge that XML can be parsed to any #271

🙈 Other

  • Enforce valid setting for validateInResponseTo #314
  • feat: add public getAuthorizeMessage method #235

cjbarth published 4.0.5

cjbarth published 4.0.4


v4.0.4 (2023-04-11)

🔗 Dependencies

  • [security] [javascript] Bump xml2js from 0.4.23 to 0.5.0 #268
  • [javascript] Bump xml-encryption from 3.0.1 to 3.0.2 #236

cjbarth published 4.0.3


v4.0.3 (2022-12-13)

🔗 Dependencies

  • [javascript] Bump eslint from 8.26.0 to 8.29.0 #234
  • [javascript] Bump eslint-plugin-deprecation from 1.3.2 to 1.3.3 #232
  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.45.0 #231
  • [javascript] Bump concurrently from 7.5.0 to 7.6.0 #230
  • [javascript] Bump prettier from 2.7.1 to 2.8.0 #229

cjbarth published 4.0.2


v4.0.2 (2022-11-23)

🐛 Bug Fixes

  • fix: correct handling of XML entities in signature attributes #221
  • Expose ValidateInResponseTo as it is required in options #220

📚 Documentation

  • Remove pre-release comments from README #223

cjbarth published 4.0.1


v4.0.1 (2022-11-16)

🔗 Dependencies

  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.41.0 to 5.43.0 #216
  • [javascript] Bump @typescript-eslint/parser from 5.41.0 to 5.43.0 #217
  • Lock to TypeScript <4.9.0 due to a regression in 4.9.3 #219
  • [javascript] Bump @types/node from 14.18.32 to 14.18.33 #201
  • [javascript] Bump xml-crypto from 3.0.0 to 3.0.1 #205
  • Update @xmldom/xmldom #213

📚 Documentation

  • Fixes #208, updated readme by updating package names. #210

⚙️ Technical Tasks

  • Remove check now covered by dependency #215

cjbarth published 4.0.0


v4.0.0 (2022-10-28)

💣 Major Changes

  • Require all assertions be signed; new option wantAssertionsSigned can be set to false to enable the older, less secure behavior. #177
  • Document signatures are now required by default. Setting wantAuthnResponseSigned=false disables this feature and restores the prior, less secure behavior #83
  • Make issuer required; remove OneLogin default #61
  • Make Audience a required setting #25
  • Allow to validate InResponseTo only if provided, to support IDP-initiated login #40
  • Update packages; bump minimum node to 14 #45
  • Add support for a failed logout response #10
  • Set AuthnRequestsSigned in SP metadata if configured for signing. #20

🚀 Minor Changes

  • feat: expose getLogoutResponseUrlAsync publicly #194
  • fix generate unique metadata ID #158
  • Include AuthnRequestsSigned attribute in all metadata #143
  • Add support for metadata ContactPerson and Organization #140
  • Support multiple Assertion SubjectConfirmation #43
  • Extend available options for NameIDPolicy attributes #67
  • Migrate from "should" to "chai" #41
  • Set a unique ID value in generated metadata #30
  • Add option to sign generated metadata #24
  • Feature: add facility in config to add <Extensions> element in SAML request #11
  • Add ability to publish multiple signing certs in metadata #23
  • CacheProvider interface #29
  • Support importing to passport-saml project #9
  • Add assertion attributes to child object on profile (passport-saml#543) #5

🔗 Dependencies

  • Update dependencies, including locked ones #198
  • Update Dependencies #197
  • Bump @xmldom/xmldom from 0.7.5 to 0.7.6 #196
  • [javascript] Bump @xmldom/xmldom from 0.8.2 to 0.8.3 #188
  • [javascript] Bump node-fetch and release-it #187
  • [javascript] Bump parse-url and release-it #176
  • [javascript] Bump @typescript-eslint/parser from 5.36.2 to 5.40.0 #186
  • [javascript] Bump prettier-plugin-packagejson from 2.2.18 to 2.3.0 #185
  • [javascript] Bump @types/passport from 1.0.9 to 1.0.11 #182
  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.36.2 to 5.38.1 #183
  • [javascript] Bump typescript from 4.8.3 to 4.8.4 #181
  • [github_actions] Bump codecov/codecov-action from 3.1.0 to 3.1.1 #180
  • [javascript] Bump vm2 from 3.9.10 to 3.9.11 #179
  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.36.2 #171
  • [javascript] Bump @types/chai from 4.3.1 to 4.3.3 #172
  • [javascript] Bump @typescript-eslint/parser from 5.30.7 to 5.36.2 #170
  • [javascript] Bump eslint from 8.19.0 to 8.23.0 #163
  • [javascript] Bump typescript from 4.7.4 to 4.8.3 #169
  • [javascript] Bump concurrently from 7.2.2 to 7.3.0 #136
  • [javascript] Bump @types/sinon from 10.0.12 to 10.0.13 #134
  • deps: move express to devDependencies because it is only used in a test. #161
  • Update changelog #162
  • [javascript] Bump @typescript-eslint/parser from 5.30.5 to 5.30.7 #125
  • [javascript] Bump @types/node from 14.18.16 to 14.18.22 #124
  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7 #123
  • [javascript] Bump release-it from 15.1.1 to 15.1.2 #122
  • [javascript] Bump ts-node from 10.8.2 to 10.9.1 #126
  • [javascript] Bump release-it from 15.0.0 to 15.1.1 #117
  • [javascript] Bump xml-crypto from 2.1.3 to 2.1.4 #118
  • [javascript] Bump ts-node from 10.7.0 to 10.8.2 #119
  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6 #120
  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.3 to 5.30.5 #114
  • [javascript] Bump parse-url from 6.0.0 to 6.0.2 #115
  • [javascript] Bump @typescript-eslint/parser from 5.22.0 to 5.30.5 #113
  • [javascript] Bump @types/passport from 1.0.7 to 1.0.9 #112
  • [javascript] Bump eslint from 8.14.0 to 8.19.0 #111
  • [javascript] Bump eslint-plugin-prettier from 4.0.0 to 4.2.1 #104
  • [javascript] Bump prettier from 2.6.2 to 2.7.1 #107
  • [javascript] Bump @types/sinon from 10.0.11 to 10.0.12 #106
  • [javascript] Bump typescript from 4.6.4 to 4.7.4 #105
  • [javascript] Bump sinon from 13.0.2 to 14.0.0 #102
  • [javascript] Bump concurrently from 7.1.0 to 7.2.2 #100
  • [javascript] Bump prettier-plugin-packagejson from 2.2.17 to 2.2.18 #103
  • [javascript] Bump @typescript-eslint/eslint-plugin from 5.22.0 to 5.30.3 #99
  • [github_actions] Bump actions/checkout from 2 to 3 #97
  • Update CodeQL to v2 #95
  • Bump npm from 8.6.0 to 8.11.0 #88
  • Update dependencies #81
  • Update dependencies #75
  • Move dependency types next to dependencies #73
  • Remove unused qs types #72
  • Remove unused request dependency #71
  • Support Node 18 #68
  • [security] Upgrade xml-encryption to 2.0.0 (fixes audit issue) #44
  • Update xmldom #17

🐛 Bug Fixes

  • [security] Throw if multiple XML roots detected #195
  • Make Issuer Required in the Types Too (like it is at runtime) #90
  • Bypass for InResponseTo #87
  • Fix broken request tests #86
  • [security] Address polynomial regular expression used on uncontrolled data #79
  • Fix issues with cache provider potentially returning expired keys #59
  • Correctly reset Sinon fake timers #60
  • Correct carriage-return entity handling #38
  • #13 GCM EncryptionMethod #15
  • [security] Limit transforms for signed nodes #6
  • Remove duplicate calls to the cache provider #4

📚 Documentation

  • Update documentation to remove ADFS references; rename passport-saml #190
  • Changelog #173
  • Remove insecure clockSkew recommendation #151
  • Update badges for scoped package #93
  • Add codecov and DeepScan badges #76
  • Correct several typos in documentation #39
  • Update README.md #1

⚙️ Technical Tasks

  • Update types #199
  • Update changelog build tools #189
  • Clean up signature tests #178
  • Remove some usage of any type #175
  • Add prerelease script #174
  • Reduce frequency of dependabot updates #152
  • Consolidate all SAML class code to single file #147
  • Improve tests #141
  • Refactor process routines out of saml.ts #130
  • Refactor generate functions to a separate file #129
  • Coerce booleans when constructing options object #85
  • Refactor code for better functional grouping #128
  • Have dependabot update package.json too #109
  • Add dependabot config file #96
  • Simplify configs for compilation and release #92
  • Move to NPM organization #91
  • Factor out metadata routines #78
  • Clear up ambiguous branch #80
  • Tighten any type #77
  • Add code coverage #74
  • Clean up exception messages and related tests #69
  • Saml options typing #66
  • Stop using import assignments #65
  • Remove unused vars #64
  • Stop using import assignments #63
  • Remove useless not null assertions #54
  • Enable assertRequired to type narrow #62
  • fix a linting warning by adding a return type #56
  • remove warnings related to loggedOut in tests #55
  • remove useless any type declaration #53
  • removes an unused variable in a test #52
  • remove useless not null assertions on errors #50
  • transform a test that does not use some of its variables #51
  • remove a not null assertion by checking certificate's validity #49
  • add an assertion to remove a linting warning #47
  • remove useless not null assertions #48
  • fix a linting warning by adding a return type #46
  • [Split saml.ts #1] Move getAdditionalParams out of saml.ts #32
  • Move non SAML code out of saml.ts #18
  • Fix workflow for Node 16.x #7
  • Remove passport-saml code and tests #3

cjbarth published 4.0.0-beta.6

cjbarth published 4.0.0-beta.5

cjbarth published 4.0.0-beta.4
