saml - npm Package Compare versions

Comparing version 2.0.0 to 2.0.1

CHANGELOG.md

@@ -5,2 +5,9 @@ # Changelog
 
+### [2.0.1](https://github.com/auth0/node-saml/compare/v2.0.0...v2.0.1) (2022-02-09)
+
+
+### Bug Fixes
+
+* **saml11:** do not mutate moment() when options.lifetimeInSeconds is provided ([0a5afd1](https://github.com/auth0/node-saml/commit/0a5afd1977dc832f1cc51de6af7c801cc95f78b5))
+
 ## [2.0.0](https://github.com/auth0/node-saml/compare/v1.0.1...v2.0.0) (2022-02-04)
@@ -7,0 +14,0 @@

lib/saml11.js

@@ -121,3 +121,3 @@ var path = require('path');
     conditions[0].setAttribute('NotBefore', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
-    conditions[0].setAttribute('NotOnOrAfter', now.add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
+    conditions[0].setAttribute('NotOnOrAfter', moment(now).add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
   }
@@ -124,0 +124,0 @@

package.json

 {
   "name": "saml",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "engines": {
@@ -5,0 +5,0 @@ "node": ">=12"

test/saml11.tests.js

@@ -98,6 +98,9 @@ var assert = require('chai').assert;
         assert.equal(1, conditions.length);
+        var authenticationInstant = utils.getAuthenticationInstant(signedAssertion);
         var notBefore = conditions[0].getAttribute('NotBefore');
         var notOnOrAfter = conditions[0].getAttribute('NotOnOrAfter');
+
         should.ok(notBefore);
         should.ok(notOnOrAfter);
+        should.equal(authenticationInstant, notBefore);
 
@@ -104,0 +107,0 @@ var lifetime = Math.round((moment(notOnOrAfter).utc() - moment(notBefore).utc()) / 1000);

test/utils.js

@@ -50,2 +50,6 @@ var xmlCrypto = require('xml-crypto');
 
+exports.getAuthenticationInstant = function (assertion) {
+  return exports.getAuthenticationStatement(assertion).getAttribute('AuthenticationInstant');
+};
+
 exports.getConditions = function(assertion) {
@@ -52,0 +56,0 @@ var doc = new xmldom.DOMParser().parseFromString(assertion);

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

88343

increased by0.67%

Lines of code

1559

increased by0.32%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes