saml20-maintained - npm Package Compare versions

Comparing version 0.1.17 to 0.1.18

lib/validateSignature.js

@@ -5,7 +5,7 @@ 'use strict';
 var SignedXml = require('xml-crypto').SignedXml;
-var dom = require('xmldom').DOMParser;
+var Dom = require('xmldom').DOMParser;
 var thumbprint = require('thumbprint');
 
 module.exports = function validateSignature(xml, cert, certThumbprint) {
-  var doc = new dom().parseFromString(xml);
+  var doc = new Dom().parseFromString(xml);
   var signature = select(doc, '/*/*/*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0]
@@ -12,0 +12,0 @@ || select(doc, '/*/*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];

package.json

 {
   "name": "saml20-maintained",
-  "version": "0.1.17",
+  "version": "0.1.18",
   "description": "SAML 2.0 and 1.1 token parser for Node.js",
   "main": "./lib/index.js",
   "dependencies": {
-    "lodash": "4.17.11",
-    "thumbprint": "0.0.1",
-    "xml-crypto": "0.8.1",
-    "xml2js": "0.4.4",
-    "xmldom": "0.1.19"
+    "lodash": "^4.17.11",
+    "thumbprint": "^0.0.1",
+    "xml-crypto": "^0.8.1",
+    "xml2js": "^0.4.4",
+    "xmldom": "^0.1.19"
   },
@@ -26,4 +26,4 @@ "repository": {
   },
-  "author": "Leandro Boffi (me@leandrob.com)", 
-  "contributors":[
+  "author": "Leandro Boffi (me@leandrob.com)",
+  "contributors": [
     {
@@ -37,5 +37,5 @@ "name": "Phillip Son",
   "devDependencies": {
-    "jshint": "2.8.0",
-    "mocha": "2.3.3"
+    "jshint": "2.10.2",
+    "mocha": "6.1.4"
   }
 }

README.md

@@ -1,2 +0,2 @@
-SAML 2.0 & 1.1 Assertion Parser & Validator
+SAML 2.0 & 1.1 Assertion Parser & Validator [![Build Status](https://travis-ci.com/phylp/saml20-maintained.svg?branch=master)](https://travis-ci.com/phylp/saml20-maintained)
 =============
@@ -3,0 +3,0 @@ saml20-maintained is a fork of saml20. It is the same library with updated versions of vulnerable dependencies.

test/lib.saml11.js

@@ -17,3 +17,3 @@ var assert  = require("assert");
 	it("Should validate saml 1.1 token using thumbprint", function (done) {
-		saml.validate(validToken, { thumbprint: thumbprint, bypassExpiration: true }, function(err, profile) {
+		saml.validate(validToken, {publicKey: certificate, thumbprint: thumbprint, bypassExpiration: true }, function(err, profile) {
 			assert.ifError(err);
@@ -20,0 +20,0 @@ assert.equal(issuerName, profile.issuer);

test/lib.saml20.js

 var assert  = require("assert");
+var fs      = require("fs");
 var saml    = require("../lib/index.js");
-var fs      = require("fs");
 
@@ -17,3 +17,3 @@ // Tests Configuration
 	it("Should validate saml 2.0 token using thumbprint", function (done) {
-		saml.validate(validToken, { thumbprint: thumbprint, bypassExpiration: true }, function(err, profile) {
+		saml.validate(validToken, {publicKey: certificate, thumbprint: thumbprint, bypassExpiration: true }, function(err, profile) {
 			assert.ifError(err);
@@ -20,0 +20,0 @@ assert.ok(profile.claims);

No alert changes

Improved metrics

Total package byte prevSize

36818

increased by0.85%

Number of package files

17

increased by6.25%

Dependency changes

• + Addedlodash@4.17.21(transitive)

• + Addedsax@1.4.1(transitive)

• + Addedxml-crypto@0.8.5(transitive)

• + Addedxml2js@0.4.23(transitive)

• + Addedxmlbuilder@11.0.1(transitive)

• + Addedxmldom@0.1.31(transitive)

• - Removedlodash@4.17.11(transitive)

• - Removedsax@0.6.1(transitive)

• - Removedxml-crypto@0.8.1(transitive)

• - Removedxml2js@0.4.4(transitive)

• - Removedxmlbuilder@15.1.1(transitive)

• - Removedxmldom@0.1.19(transitive)

• Updatedlodash@^4.17.11

• Updatedthumbprint@^0.0.1

• Updatedxml-crypto@^0.8.1

• Updatedxml2js@^0.4.4

• Updatedxmldom@^0.1.19